Securing the Application Server - The Java EE 5 Tutorial (original) (raw)

Securing the Application Server

This tutorial describes deployment to the Application Server, which provides highly secure, interoperable, and distributed component computing based on the Java EE security model. The Application Server supports the Java EE 5 security model. You can configure the Application Server for the following purposes:

• Adding, deleting, or modifying authorized users. For more information on this topic, read Working with Realms, Users, Groups, and Roles.
• Configuring secure HTTP and IIOP listeners.
• Configuring secure JMX connectors.
• Adding, deleting, or modifying existing or custom realms.
• Defining an interface for pluggable authorization providers using Java Authorization Contract for Containers (JACC).
  Java Authorization Contract for Containers (JACC) defines security contracts between the Application Server and authorization policy modules. These contracts specify how the authorization providers are installed, configured, and used in access decisions.
• Using pluggable audit modules.
• Setting and changing policy permissions for an application.

The following features are specific to the Application Server:

• Message security
• Single sign-on across all Application Server applications within a single security domain
• Programmatic login

Copyright © 2010, Oracle and/or its affiliates. All rights reserved. Legal Notices