Chapter 7 Security


307


tions appear in the deployment descriptor as 


security role ref


elements. Each


security role ref


 element links a privilege name embedded in the application


as a 


roleName


 to a security role. Ultimately, deployment establishes the link


between the privilege names embedded in the application and the security roles


defined in the deployment descriptor. The link between privilege names and secu 


rity roles may differ for components in the same application.


Additionally, a component might want to use the identity of the caller to make


decisions about access control. As noted, a component can use the methods


EJBContext.getCallerPrincipal


 and 


HttpServletRequest.getUserPrincipal


 to


obtain the calling principle. Note that containers from different vendors may repre 


sent the returned principal differently. If portability is a priority, then care should be


taken when code is embedded with a dependence on a principle.


7.2.3 Confidentiality and Integrity


Confidentiality mechanisms


 ensure private communication between entities by


encrypting the message content so that a third party cannot read it. 


Integrity mecha 


nisms


 ensure that another party cannot tamper with communication between enti 


ties; in particular, that a third party cannot intercept and modify communications.


Integrity mechanisms can also ensure that messages are used only once. Attaching a


message signature 


to a message ensures that a particular person is responsible for


the content: In addition, the modification of the message by anyone other than the


creator of the content is detectable by the receiver. 


Configuring the containers to apply confidentiality and integrity mechanisms


is done when an application is deployed into its operational environment. Compo 


nents that need to be protected are noted as such. The corresponding containers


can be configured to employ the required confidentiality and integrity mecha 


nisms when interactions with these components occur over open or unprotected


networks. Containers can also be configured to reject call requests or responses


with message content that should be protected but is not. 


The J2EE platform requires that containers support transport layer integrity and


confidentiality mechanisms based on SSL so that security properties applied to com 


munications are established as a side effect of creating a connection. SSL can be


specified as requirements for Web components and EJB components, including Web


service endpoints.


The deployment descriptor conveys information to identify those components


with method calls whose parameters or return values should be protected. Details


about interacting with a J2EE component using SSL are discussed in the next sec 








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      
 

    

  

  




Our web partners:
Inexpensive 
Web Hosting 



Java Web Hosting


personal webspace


webspace php 


linux webhost
 




 html web templates




DreamweaverQuality Web Templates


PSD Web Templates
 





cheap webhost


j2ee web Hosting


buy webspace


ftp webspace


adult webspace
 





frontpage WebHosting


webspace hosting


cheap webhost


Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved



aol web hosting