J2EE Platform Security Model
7.2.1.1 Protection Domains
The J2EE platform makes it possible to group entities into special domains, called
protection domains, so that they can communicate among themselves without
having to authenticate themselves. A protection domain is a logical boundary
around a set of entities that are assumed or known to trust each other. Entities in
such a domain need not be authenticated to one another.
Figure 7.2 illustrates an environment using protection domains. It shows how
authentication is required only for interactions that cross the boundary of a
protection domain. Interactions that remain within the protection domain do not require
authentication. Although authentication is not required within this realm of trust,
there must be some means to ensure that unproven or unauthenticated identities do
not cross the protection domain boundary. In the J2EE architecture, a container
provides an authentication boundary between external callers and the components
it hosts. Furthermore, the architecture does not require that the boundaries of
protection domains be aligned with the boundaries of containers. The container's
responsibility is to enforce the boundaries, but implementations are likely to
support protection domains that span containers.
The container ensures that the identity of a call is authenticated before it
enters the protection domain; this is usually done with a credential, such as an
X.509 certificate or a Kerberos service ticket. A credential is analogous to a
passport or driver's license. The container also ensures that outgoing calls are properly
identified. Maintaining proper proof of component identity makes it easier for
interacting components to trust each other. A J2EE developer can declaratively
specify the authentication requirements of an application for calls to its
components (such as enterprise beans or JSPs) and for outbound calls that its
components make to access other components and resources.
The deployment descriptor holds declarations of the references made by each
J2EE component to other components and to external resources. These
declarations, which appear in the descriptor as ejb-ref elements, resource-ref
elements, and service-ref elements, indicate where authentication may be
necessary. The declarations are made in the scope of the calling component, and
they serve to expose the application's inter-component or resource call tree.
Deployers use J2EE platform tools to read these declarations, and they can then
use these references to properly secure interactions between the calling and called
components. The container uses this information at runtime to determine whether
authentication is required and to provide the mechanisms for handling identities
and credentials.
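
The reading of these declarations described above, as an added Python example that is not part of the original text: it lists each component's ejb-ref, resource-ref and service-ref entries from a descriptor, giving the per-component call tree a deployer reviews for authentication. The sample descriptor, its bean and reference names, and the helper names local and call_tree are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed, abbreviated ejb-jar.xml (not schema-complete); all names are made up.
SAMPLE_DESCRIPTOR = """
<ejb-jar xmlns="http://java.sun.com/xml/ns/j2ee" version="2.1">
  <enterprise-beans>
    <session>
      <ejb-name>OrderBean</ejb-name>
      <ejb-ref>
        <ejb-ref-name>ejb/Inventory</ejb-ref-name>
        <ejb-link>InventoryBean</ejb-link>
      </ejb-ref>
      <resource-ref>
        <res-ref-name>jdbc/OrdersDB</res-ref-name>
        <res-auth>Container</res-auth>
      </resource-ref>
      <service-ref>
        <service-ref-name>service/Billing</service-ref-name>
      </service-ref>
    </session>
    <session><ejb-name>InventoryBean</ejb-name></session>
  </enterprise-beans>
</ejb-jar>"""

# Only real component elements count; <method> entries also carry an ejb-name.
COMPONENT_TAGS = {"session", "entity", "message-driven"}
REF_NAME_TAGS = {"ejb-ref": "ejb-ref-name", "resource-ref": "res-ref-name",
                 "service-ref": "service-ref-name"}

def local(tag):
    """Strip the '{namespace}' prefix ElementTree adds to tag names."""
    return tag.rsplit("}", 1)[-1]

def call_tree(descriptor_xml):
    """Return {component: [(ref kind, ref name, res-auth or None), ...]}."""
    tree = {}
    for comp in ET.fromstring(descriptor_xml).iter():
        if local(comp.tag) not in COMPONENT_TAGS:
            continue
        name = next(((c.text or "").strip() for c in comp
                     if local(c.tag) == "ejb-name"), None)
        refs = []
        for ref in comp:
            kind = local(ref.tag)
            if kind in REF_NAME_TAGS:
                fields = {local(f.tag): (f.text or "").strip() for f in ref}
                refs.append((kind, fields.get(REF_NAME_TAGS[kind], ""),
                             fields.get("res-auth")))
        tree[name] = refs
    return tree
```

A res-auth value of Container means the container performs the sign-on to the resource for the component; Application leaves the sign-on to component code.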





