16.1. Security concepts

This section describes some fundamental principles of application security. The discussion is from the standpoint of J2EE and EJB, but most of these issues apply with equal force to any enterprise application. In this chapter, I assume that the reader has a basic familiarity with the concepts of public-key cryptography. If this is not the case, you may wish to review the subject in Appendix G. I strongly recommend this course of action for readers who are unfamiliar with the concepts of digital certificates and encryption.

16.1.1. Security requirements

A security architecture has to address a number of related, but different, security needs, including the following.

  • When a client attempts to interact with the ...
