Enterprise JavaBeans, Second Edition

by Richard Monson-Haefel
September 2001
Content level: Intermediate to advanced
489 pages
14h 44m
English
O'Reilly Media, Inc.
Content preview from Enterprise JavaBeans, Second Edition

Security

EJB specifies declarative attributes for security authorization. Once a user has been authenticated (logged in), access to enterprise beans can be monitored and controlled. The declarative authorization attributes allow the container to control which users can access which methods on specific bean types. In EJB 1.0, individual methods on a bean are associated with Identity objects that represent individual users or groups of users called roles. Only users that are associated with the correct Identity objects can access the bean’s methods. Using this approach, bean methods can be mapped to a set of identities in the serializable deployment descriptor.

When a bean method is invoked at runtime, the container examines the Identity of the caller and compares it to the list of Identity objects associated with that method. If the caller’s identity matches or is a member of one of the identities associated with the method, the method can be invoked. Although this authorization model works well—it allows fine-grained functional authorization without requiring any code in the bean itself—it also has some problems. In an operational environment that supports ACL-based security, all the identities and roles in an enterprise are part of the operational environment. To choose Identity objects to associate with bean methods, you must have access to the ACL repository of the environment in which the bean will be deployed. For this reason, it is normally assumed that the deployer in EJB ...
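
A minimal model of the runtime check described above, added here as an illustration and not code from the book or the EJB API. `MethodAcl`, `Caller`, and the identity and method names are hypothetical, and denying a method that has no entry is an assumption of this sketch.

```java
import java.util.*;

// Added illustration: a simplified model of the container's per-method check.
// MethodAcl, Caller and all names below are hypothetical, not EJB API types.
public class MethodAclDemo {

    /** The caller's own identity plus the roles (groups) it is a member of. */
    static final class Caller {
        final String identity;
        final Set<String> roles;
        Caller(String identity, String... roles) {
            this.identity = identity;
            this.roles = new HashSet<>(Arrays.asList(roles));
        }
    }

    /** Method name -> identities allowed to invoke it, as a descriptor would map them. */
    static final class MethodAcl {
        private final Map<String, Set<String>> allowed = new HashMap<>();

        void allow(String method, String... identities) {
            allowed.computeIfAbsent(method, k -> new HashSet<>())
                   .addAll(Arrays.asList(identities));
        }

        /** True if the caller matches, or is a member of, an identity listed for the method. */
        boolean mayInvoke(Caller caller, String method) {
            Set<String> ids = allowed.get(method);
            if (ids == null) return false; // assumption: no entry means deny
            return ids.contains(caller.identity)
                    || !Collections.disjoint(ids, caller.roles);
        }
    }

    public static void main(String[] args) {
        MethodAcl acl = new MethodAcl(); // constructed sample mapping
        acl.allow("bookPassage", "TravelAgent");
        acl.allow("listAvailableCabins", "TravelAgent", "alice");

        Caller bob = new Caller("bob", "TravelAgent"); // member of a listed role
        Caller alice = new Caller("alice");            // listed individually
        Caller eve = new Caller("eve", "Auditor");     // matches no listed identity

        System.out.println("bob   bookPassage: " + acl.mayInvoke(bob, "bookPassage"));
        System.out.println("alice bookPassage: " + acl.mayInvoke(alice, "bookPassage"));
        System.out.println("alice listAvailableCabins: " + acl.mayInvoke(alice, "listAvailableCabins"));
        System.out.println("eve   cancelBooking: " + acl.mayInvoke(eve, "cancelBooking"));
    }
}
```

The bean classes contain no access-control code in this model either: the decision depends only on the mapping and the caller, which is why whoever writes the mapping needs to know the identities that exist in the target environment.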



Publisher Resources

ISBN: 1565928695