304
J2EE Platform Security Model
factory. For example, the 
javax.sql.DataSource
 interface provides a resource
manager factory interface to obtain a 
javax.sql.Connection
 for a database. JMS,
JavaMail, and URL connection factories are also available for these common types
of resources. 
When integrating with enterprise information systems, J2EE components may
use different security mechanisms and operate in different protection domains
than the resources they access. In these cases, you can configure the calling con 
tainer to manage for the calling component the authentication to the resource, a
form of authentication called 
container managed resource manager sign on
. The
J2EE architecture also recognizes that some components need to directly manage
the specification of caller identity and the production of a suitable authenticator.
For these applications, the J2EE architecture provides a means for an application
component to engage in what is called
 application managed resource manager
sign on
. Use application managed resource manager sign on when the ability to
manipulate the authentication details is fundamental to the component's function 
ality.
The 
resource ref
 elements of a component's deployment descriptor declare
the resources used by the component. The value of the 
res auth 
subelement
declares whether sign on to the resource is managed by the container or the appli 
cation. With application managed resource manager sign on, it is possible for
components that programmatically manage resource sign on to use the
EJBContext.getCallerPrincipal
 or 
HttpServletRequest
.
getUserPrincipal
methods to obtain the identity of their caller. A component can map the identity of
its caller to a new identity or authentication secret as required by the target enter 
prise information system. With container managed resource manager sign on, the
container performs 
principal mapping 
on behalf of the component.
Care should be taken to ensure that access to any component with a capability
to sign on to another resource is secured by appropriate authorization rules. Oth 
erwise, that component can be misused to gain unauthorized access to the
resource.
The J2EE Connector architecture offers a standard API for application 
managed resource manager sign on. This API ensures portability of components
that authenticate with enterprise information systems.
7.2.2 Authorization
Authorization 
mechanisms limit interactions with resources to collections of users
or systems for the purpose of enforcing integrity, confidentiality, or availability






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

 

Our web partners: Inexpensive Web Hosting Java Web Hosting personal webspace webspace php  linux webhost

 html web templates DreamweaverQuality Web Templates PSD Web Templates

cheap webhost j2ee web Hosting buy webspace ftp webspace adult webspace

frontpage WebHosting webspace hosting cheap webhost

Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved

aol web hosting