Security

In an enterprise computing environment, failure, compromise, or lack of availability of computing resources can jeopardize the viability of the enterprise. An organization must take steps to identify threats to security. Once they are identified, steps should be taken to reduce these threats.

It is unreasonable to assume that J2EE^TM products, and hence J2EE applications, can displace existing enterprise security infrastructures. The J2EE application programming model attempts to leverage existing security services rather than require new services or mechanisms.

This discussion begins with a review of some security concepts and mechanisms. We describe the security concerns and characteristics of enterprise applications and explore the application of J2EE security mechanisms to the design, implementation, and deployment of secure enterprise applications.

In this chapter:

• Security Threats and Mechanisms
• Authentication
• Authorization
• Protecting Messages
• Auditing
• Summary
• Questions and Answers