Securing the Application Server

This tutorial describes deployment to the Application Server, which provides highly secure,
interoperable, and distributed component computing based on the Java EE security model. The
Application Server supports the Java EE 5 security model. You can configure the Application
Server for the following purposes:
- Adding, deleting, or modifying authorized users. For more information on this topic, read
  "Working with Realms, Users, Groups, and Roles" on page 777.
- Configuring secure HTTP and IIOP listeners.
- Configuring secure JMX connectors.
- Adding, deleting, or modifying existing or custom realms.
- Defining an interface for pluggable authorization providers using Java Authorization
  Contract for Containers (JACC).
  Java Authorization Contract for Containers (JACC) defines security contracts between the
  Application Server and authorization policy modules. These contracts specify how the
  authorization providers are installed, configured, and used in access decisions.
- Using pluggable audit modules.
- Setting and changing policy permissions for an application.
The following features are specific to the Application Server:
- Message security
- Single sign-on across all Application Server applications within a single security domain
- Programmatic login
For more information about configuring the Application Server, read the Sun Java System
Application Server 9.1 Developer's Guide and Sun Java System Application Server 9.1
Administration Guide.
Working with Realms, Users, Groups, and Roles
You often need to protect resources to ensure that only authorized users have access.
Authorization provides controlled access to protected resources. Authorization is based on
identification and authentication. Identification is a process that enables recognition of an entity
by a system, and authentication is a process that verifies the identity of a user, device, or other
entity in a computer system, usually as a prerequisite to allowing access to resources in a system.
These concepts are discussed in more detail in "Characteristics of Application Security" on
page 770.
Chapter 28 · Introduction to Security in the Java EE Platform