Mobile Linux
App Generation ROI

IBM® developerWorks
Sun Developer Network
Weekly Newsletter
Developer Updates
Free Website Content

Articles

Forums

All Feeds

Write For Us Get Paid

Request Media Kit

Site Map

Privacy Policy
Support

USERNAME

PASSWORD

>>> SIGN UP!

Lost Password?

JAVA

RSS

JAAS, Securing EJB

By: A.P.Rajshekhar	Search For More Articles! Disclaimer Author Terms
Rating: / 11
2005-08-24

Table of Contents:

JAAS, Securing EJB

JAAS and J2EE Container Interaction

JAAS and EJB- Implementing JAAS for EJB

Authenticating the user within the EJB

	ADD THIS ARTICLE TO:
	Del.ici.ous	Digg
	Blink	Simpy
	Google	Spurl
	Y! MyWeb	Furl

Email Me Similar Content When Posted

Add Developer Shed Article Feed To Your Site

Email Article To Friend

Print Version Of Article

PDF Version Of Article

JAAS, Securing EJB - JAAS and EJB- Implementing JAAS for EJB

(Page 3 of 4 )

The first question that arises is, what is a façade pattern and how is it relevant in this discussion. A façade pattern, if we go by the definition, is “An interface that provides a unified interface to a set of interfaces in a sub-system.” In other words, a façade is a class or an interface that acts like a gateway to another class, interface or a set of interfaces.

In the context of EJB, a Session Bean acts as a gateway to another Session Bean or to an Entity Bean. This pattern is more in use where Entity Beans are used. The reason for this involves the optimized use of the network. If clients make requests directly to an Entity Bean, the network could get congested because the Entity Bean may be contacting the database server through the same server. Hence a Session Bean is kept at the ‘gateway’ to the Entity Bean. No external entity (read client) can contact the Entity Bean by bypassing the Session Bean. Thus the Session Bean can even cache a previous result from the Entity Bean and reuse it. This reduces the network usage.

In the context of security, the façade pattern helps by providing a single authentication point. The Session Bean that acts as a façade can contain authentication and authorization code. In this way, a client can be authenticated, even before the request is passed on to the Entity Beans. Now let’s see how it’s done.

In securing an EJB, there are two approaches. They are:

Authenticating the client using JAAS.
Authenticating the user within the EJB using a combination of programmatic and declarative security.

Authenticating the client using JAAS

In this approach, the authentication routines reside outside the EJB. The check is done when a web client requests service of an EJB. The servlet-filter intercepts the request and authenticates the user on whose behalf the request is being made. As you may remember, this is just an extension of the securing web component approach. The beauty of this approach is that the authentication is done without interfering with the business components.

Next: Authenticating the user within the EJB >>

More Java Articles
More By A.P.Rajshekhar

Comments On: JAAS, Securing EJB
   · HiThe issue of security is omnipresent. Web development is no exception. In this...
   · Hi,After reading your article, I need some clarifications.Web and ejb...
   · Hi anonymousIt is a good question. The reality is that EJB can only authorize that...

>>> Post your comment now!

JAVA ARTICLES

- Deploying Multiple Java Applets as One
- Deploying Java Applets
- Understanding Deployment Frameworks
- Database Programming in Java Using JDBC
- Extension Interfaces and SAX
- Entities, Handlers and SAX
- Advanced SAX
- Conversions and Java Print Streams
- Formatters and Java Print Streams
- Java Print Streams
- Wildcards, Arrays, and Generics in Java
- Wildcards and Generic Methods in Java
- Finishing the Project: Java Web Development ...
- Generics and Limitations in Java
- Getting Started with Java Web Development in...
Find More Java Articles