Overview of JCA Security
The security architecture defined in the JCA specifications extends the end-to-end security model for J2EE application by including integration with EIS-based resource adapters. Users accessing EIS are authenticated and authorized before being allowed to interface with the EIS. One problem with multiple EISs is that the security infrastructures can be different, as will the security capabilities. Hence, keeping the security neutral is one of the most important goals of JCA security. In most cases, access to EISs will be over networks (local or remote), which means that support for secured communications is a basic requirement.
Some of the terms used to describe the JCA security architecture are defined here:
A principal ...