Other J2EE Security Topics

In this section, we discuss a few other topics relevant to J2EE security, including securing enterprise resource managers, web service security, and single sign-on.

Accessing Enterprise Resource Managers

An enterprise may have a wide range of enterprise resource managers such as relational database systems and message-oriented middleware products. To establish a connection to these resources, authentication is often required. You can manage the authentication details for these resource managers in one of two ways. You can manage it yourself in your application code, or you can use the application server or container to manage the connection details for you.

Resource manager references are declared in web and EJB deployment descriptors using <resource-ref> elements. Full details on declaring resource references in deployment descriptors can be found in Chapter 2. In terms of the authentication mode to be used with a given resource, this is specified using the <res-auth> element within the <resource-ref> element. To indicate that the container should handle authentication details, set the <res-auth> element to Container. You then need to configure the authentication details for the resource in the container, using its management tools or container-specific configuration files. If you’d prefer to manage the authentication details in your application code, set the <res-auth> value to Application. It’s usually preferable to use container-managed authentication ...

Get Java Enterprise in a Nutshell, Third Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.