Security Management; Introduction; Declarative Security Management - Red Hat APPLICATION SERVER - JONAS Manual

Jonas

Hide thumbs Also See for APPLICATION SERVER - JONAS:

Tutorial (62 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

page of 296

/ 296
Contents
Table of Contents
Bookmarks

Table of Contents

This chapter is for the Enterprise Bean provider; that is, the person in charge of developing the soft-

ware components on the server side.

13.1. Introduction

The EJB architecture encourages the Bean programmer to implement the Enterprise Bean class with-

out hard-coding the security policies and mechanisms into the business methods.

13.2. Declarative Security Management

The application assembler can deﬁne a security view of the Enterprise Beans contained in the EJB-

JAR ﬁle. The security view consists of a set of security roles. A security role is a semantic grouping

of permissions for a given type of application user that allows that user to successfully use the ap-

plication. The application assembler can deﬁne (declaratively in the deployment descriptor) method

permissions for each security role. A method permission is a permission to invoke a speciﬁed group

of methods for the Enterprise Beans' home and remote interfaces. The security roles deﬁned by the

application assembler present this simpliﬁed security view of the Enterprise Beans application to the

deployer; the deployer's view of security requirements for the application is the small set of security

roles, rather than a large number of individual methods.

13.2.1. Security Roles

The application assembler can deﬁne one or more security roles in the deployment descriptor. The

application assembler then assigns groups of methods of the Enterprise Beans' home and remote

interfaces to the security roles in order to deﬁne the security view of the application.

The scope of the security roles deﬁned in the

and this includes all the Enterprise Beans in the EJB-JAR ﬁle.

...

assembly-descriptor

security-role

role-name tomcat /role-name

/security-role

...

/assembly-descriptor

13.2.2. Method Permissions

After deﬁning security roles for the Enterprise Beans in the EJB-JAR ﬁle, the application assembler

can also specify the methods of the remote and home interfaces that each security role can invoke.

Method permissions are deﬁned as a binary relationship in the deployment descriptor from the

set of security roles to the set of methods of the home and remote interfaces of the Enterprise

Beans, including all their super interfaces (including the methods of the

javax.ejb.EJBObject

only if the security role

interfaces). The method permissions relationship includes the pair

is allowed to invoke the method