J2EE Platform Security Model
factory. For example, the javax.sql.DataSource interface provides a resource manager factory interface to obtain a javax.sql.Connection for a database. JMS, JavaMail, and URL connection factories are also available for these common types of resources.
When integrating with enterprise information systems, J2EE components may use different security mechanisms and operate in different protection domains than the resources they access. In these cases, you can configure the calling container to manage for the calling component the authentication to the resource, a form of authentication called container-managed resource manager sign-on. The J2EE architecture also recognizes that some components need to directly manage the specification of caller identity and the production of a suitable authenticator. For these applications, the J2EE architecture provides a means for an application component to engage in what is called application-managed resource manager sign-on. Use application-managed resource manager sign-on when the ability to manipulate the authentication details is fundamental to the component's functionality.
The resource-ref elements of a component's deployment descriptor declare the resources used by the component. The value of the res-auth subelement declares whether sign-on to the resource is managed by the container or the application. With application-managed resource manager sign-on, it is possible for components that programmatically manage resource sign-on to use the EJBContext.getCallerPrincipal or HttpServletRequest.getUserPrincipal methods to obtain the identity of their caller. A component can map the identity of its caller to a new identity or authentication secret as required by the target enterprise information system. With container-managed resource manager sign-on, the container performs principal mapping on behalf of the component.
Care should be taken to ensure that access to any component with a capability to sign on to another resource is secured by appropriate authorization rules. Otherwise, that component can be misused to gain unauthorized access to the resource.
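
The following is an added example, not code from the book, of application-managed sign-on in which the component maps its caller to an identity for the enterprise information system and refuses callers that have no mapping. The class EisSignOn, the EisCredential type, the jdbc/OrdersDB reference name, and the sample accounts are assumptions made for illustration; the refusal check complements, and does not replace, the authorization rules on the component itself.

```java
import java.security.Principal;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.HashMap;
import java.util.Map;
import javax.sql.DataSource;

/*
 * Deployment descriptor entry this class assumes (ref name is hypothetical):
 *   <resource-ref>
 *     <res-ref-name>jdbc/OrdersDB</res-ref-name>
 *     <res-type>javax.sql.DataSource</res-type>
 *     <res-auth>Application</res-auth>   <!-- "Container" = container-managed -->
 *   </resource-ref>
 * The DataSource is then looked up under java:comp/env/jdbc/OrdersDB.
 */
public class EisSignOn {
    /** EIS identity and secret for one mapped caller (hypothetical type). */
    public static final class EisCredential {
        final String user; final char[] password;
        public EisCredential(String user, char[] password) { this.user = user; this.password = password; }
    }

    private final DataSource dataSource;
    private final Map<String, EisCredential> mapping; // caller name -> EIS identity

    public EisSignOn(DataSource dataSource, Map<String, EisCredential> mapping) {
        this.dataSource = dataSource;
        this.mapping = new HashMap<>(mapping);
    }

    /** caller comes from EJBContext.getCallerPrincipal() or HttpServletRequest.getUserPrincipal(). */
    public Connection connectFor(Principal caller) throws SQLException {
        if (caller == null) throw new SecurityException("unauthenticated caller");
        EisCredential cred = mapping.get(caller.getName());
        if (cred == null) throw new SecurityException("no EIS mapping for caller"); // fail closed
        return dataSource.getConnection(cred.user, new String(cred.password));
    }

    public static void main(String[] args) throws SQLException {
        Map<String, EisCredential> m = new HashMap<>();
        m.put("alice", new EisCredential("orders_ro", "constructed-secret".toCharArray())); // constructed sample
        EisSignOn signOn = new EisSignOn(null, m); // no DataSource needed to show the refusal path
        try {
            signOn.connectFor(() -> "mallory"); // unmapped caller
        } catch (SecurityException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```
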
The J2EE Connector architecture offers a standard API for application-managed resource manager sign-on. This API ensures portability of components that authenticate with enterprise information systems.
7.2.2 Authorization
Authorization mechanisms limit interactions with resources to collections of users or systems for the purpose of enforcing integrity, confidentiality, or availability