Chapter 7 Security
tions appear in the deployment descriptor as security-role-ref elements. Each security-role-ref element links a privilege name embedded in the application as a roleName to a security role. Ultimately, deployment establishes the link between the privilege names embedded in the application and the security roles defined in the deployment descriptor. The link between privilege names and security roles may differ for components in the same application.
Additionally, a component might want to use the identity of the caller to make decisions about access control. As noted, a component can use the methods EJBContext.getCallerPrincipal and HttpServletRequest.getUserPrincipal to obtain the calling principal. Note that containers from different vendors may represent the returned principal differently. If portability is a priority, then care should be taken when code is embedded with a dependence on a principal.
7.2.3 Confidentiality and Integrity
Confidentiality mechanisms ensure private communication between entities by encrypting the message content so that a third party cannot read it. Integrity mechanisms ensure that another party cannot tamper with communication between entities; in particular, that a third party cannot intercept and modify communications. Integrity mechanisms can also ensure that messages are used only once. Attaching a message signature to a message ensures that a particular person is responsible for the content. In addition, the modification of the message by anyone other than the creator of the content is detectable by the receiver.
Configuring the containers to apply confidentiality and integrity mechanisms is done when an application is deployed into its operational environment. Components that need to be protected are noted as such. The corresponding containers can be configured to employ the required confidentiality and integrity mechanisms when interactions with these components occur over open or unprotected networks. Containers can also be configured to reject call requests or responses with message content that should be protected but is not.
The J2EE platform requires that containers support transport layer integrity and confidentiality mechanisms based on SSL so that security properties applied to communications are established as a side effect of creating a connection. SSL can be specified as a requirement for Web components and EJB components, including Web service endpoints.
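The following check is an added example, not code from the book: it reads a web.xml deployment descriptor and reports URL patterns whose security-constraint carries no CONFIDENTIAL or INTEGRAL transport-guarantee, plus security-role-ref elements whose role-link names no declared security-role. The sample descriptor and every name in it are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.xml (not from the book): /checkout/* requires SSL,
# /account/* does not, and the "audit" role reference links to an undeclared role.
SAMPLE_WEB_XML = """<web-app>
  <servlet>
    <servlet-name>Orders</servlet-name>
    <servlet-class>example.OrdersServlet</servlet-class>
    <security-role-ref><role-name>mgr</role-name><role-link>manager</role-link></security-role-ref>
    <security-role-ref><role-name>audit</role-name><role-link>auditor</role-link></security-role-ref>
  </servlet>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>checkout</web-resource-name>
      <url-pattern>/checkout/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>account</web-resource-name>
      <url-pattern>/account/*</url-pattern>
    </web-resource-collection>
  </security-constraint>
  <security-role><role-name>manager</role-name></security-role>
</web-app>"""

def audit(xml_text):
    """Return (url patterns without an SSL guarantee, unresolved role references)."""
    root = ET.fromstring(xml_text)
    for el in root.iter():  # strip any XML namespace so plain tag names match
        el.tag = el.tag.rsplit("}", 1)[-1]
    unprotected = []
    for sc in root.iter("security-constraint"):
        # A missing user-data-constraint is equivalent to a guarantee of NONE.
        guarantee = (sc.findtext("user-data-constraint/transport-guarantee") or "NONE").strip()
        if guarantee not in ("CONFIDENTIAL", "INTEGRAL"):
            unprotected += [u.text.strip() for u in sc.iter("url-pattern")]
    declared = {(r.findtext("role-name") or "").strip() for r in root.findall("security-role")}
    dangling = [(ref.findtext("role-name"), ref.findtext("role-link"))
                for ref in root.iter("security-role-ref")
                if ref.findtext("role-link") not in declared]
    return unprotected, dangling

if __name__ == "__main__":
    print(audit(SAMPLE_WEB_XML))
```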
The deployment descriptor conveys information to identify those components with method calls whose parameters or return values should be protected. Details about interacting with a J2EE component using SSL are discussed in the next sec





