| CONTENTS | PREV | NEXT | INDEX | Designing Enterprise Applications with the J2EETM Platform, Second Edition |
A primary goal of the J2EE platform is to relieve the application developer from the details of security mechanisms and facilitate the secure deployment of an application in diverse environments. The J2EE platform addresses this goal by defining a clear separation of responsibility among those who develop application components, those who assemble components into applications, and those who configure applications for use in a specific environment. By allowing the component provider and application assembler to specify the parts of an application that require security, deployment descriptors provide a means outside of code for the developer to communicate these needs to the deployer. They also enable container-specific tools to give the deployer easier ways to engage the security constraints recommended by the developer.
An application component provider identifies all of the security dependencies embedded in a component including:
An application component provider may also provide a method permission model, along with information that identifies the sensitivity with respect to privacy of the information exchanged in particular calls.
An application assembler combines one or more components into an application package and then rationalizes the external view of security provided by the individual components to produce a consistent security view for the application as a whole. The objective of the application assembler is to provide this information so that it can inform the actions of a deployer.
A deployer is responsible for taking the security view of the application provided by the application assembler and using it to secure the application in a specific operational environment. The deployer uses a platform-specific deployment tool to map the view provided by the assembler to the policies and mechanisms that are specific to the operational environment. The security mechanisms configured by the deployer are implemented by containers on behalf of the components hosted in the containers.
J2EE security mechanisms combine the concepts of container hosting, plus the declarative specification of application security requirements, with the availability of application-embedded mechanisms. This provides a powerful model for secure, interoperable, distributed component computing.