The J2EE™ Tutorial

J2EE Users, Realms, and Groups

A J2EE user is similar to an operating system user. Typically, both types of users represent people. However, these two types of users are not the same. The J2EE authentication service has no knowledge of the user name and password you provide when you log on to the operating system. The J2EE authentication service is not connected to the security mechanism of the operating system. The two security services manage users that belong to different realms.

A realm is a collection of users that are controlled by the same authentication policy. The J2EE authentication service governs users in two realms: certificate and default.

Certificates are used with the HTTPS protocol to authenticate Web browser clients. To verify the identity of a user in the certificate realm, the authentication service verifies an X.509 certificate. For step-by-step instructions, see Setting Up a Server Certificate. The common name field of the X.509 certificate is used as the principal name.
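The following is an added illustration, not code from this tutorial or from the J2EE server, of deriving a principal name from the common name of a certificate subject. It uses the JDK's `LdapName` parser on constructed subject DNs; the class and method names are hypothetical.

```java
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Hypothetical helper: maps an X.509 subject DN to a principal name (its CN).
public class CertPrincipalName {

    /** Returns the most specific CN of an RFC 2253 subject DN, or null if there is none. */
    static String commonName(String subjectDn) throws NamingException {
        // LdapName understands quoting and backslash escapes, which a plain
        // split(",") does not (a CN such as "Smith, Jane" would be cut in two).
        LdapName dn = new LdapName(subjectDn);
        List<Rdn> rdns = dn.getRdns();                 // index 0 is the rightmost RDN
        for (int i = rdns.size() - 1; i >= 0; i--) {   // start at the leaf RDN
            // toAttributes() also covers multi-valued RDNs such as CN=x+UID=y.
            Attribute cn = rdns.get(i).toAttributes().get("CN");
            if (cn != null) {
                Object value = cn.get();
                // Hex-encoded (#...) values arrive as byte[]; treat them as no usable name.
                return (value instanceof String) ? (String) value : null;
            }
        }
        return null;                                   // subject carries no CN at all
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample subjects. With a real certificate the input would be
        // cert.getSubjectX500Principal().getName(), which returns RFC 2253 form.
        String[] constructed = {
            "CN=Duke,OU=Java Software,O=Example Corp,C=US",
            "CN=Smith\\, Jane,O=Example Corp,C=US",    // escaped comma inside the CN
            "CN=Duke+UID=1001,O=Other Org,C=US",       // multi-valued leaf RDN
            "OU=Operations,O=Example Corp,C=US"        // no CN: no principal name
        };
        for (String subject : constructed) {
            System.out.println(subject + " -> " + commonName(subject));
        }
        // The first and third subjects belong to different organizations but
        // yield the same principal name, because only the CN is compared.
    }
}
```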

In most cases, the J2EE authentication service verifies user identity by checking the default realm. This realm is used for the authentication of all clients except for Web browser clients that use the HTTPS protocol and certificates.

A J2EE user of the default realm can belong to a J2EE group. (A user in the certificate realm cannot.) A J2EE group is a category of users classified by common traits, such as job title or customer profile. For example, most customers of an e-commerce application might belong to the CUSTOMER group, but the big spenders would belong to the PREFERRED group. Categorizing users into groups makes it easier to control the access of large numbers of users. The section EJB-Tier Security explains how to control user access to enterprise beans.

Managing J2EE Users and Groups

This section shows how to use deploytool to do the following:

Use the following procedure to display all users in the default or certificate realm.

  1. Select the server to which you want to add users or groups, or both.
  2. Select Tools→Server Configuration to display the Configuration Installation screen.
  3. Under J2EE Server in the tree view, select Users.
  4. Select the realm (Default or Certificate).

Use the following procedure to add a user to the default realm.

  1. Click Add User.
  2. Enter a user name and a password in the appropriate fields.
  3. In the Group Membership pane, select the group (from Available groups) to which the user you are adding will belong. To select multiple groups, repeat this step.
  4. Click Add to move your selection(s) to Groups.
  5. Click OK when done.

Use the following procedure to add a new group to the default realm.

  1. Click Edit Groups.
  2. From the Groups window, click Add.
  3. Select the line you just added and enter the name of the group to add.
  4. Click OK when done.

Use the following procedure to remove a group from the default realm.

  1. Click Edit Groups.
  2. From the Groups window, select the group to remove.
  3. Click Delete.
  4. Click Yes when prompted.
  5. Click OK when done.

Use the following procedure to add a new user to the certificate realm.

  1. Select the Certificate realm.
  2. Click Add User.
  3. Select the directory where the certificate is located.
  4. Select the certificate file name.
  5. Click OK when done.