
JAAS, Securing EJB

The first article in this two-part tutorial discussed how to secure web components when using the JAAS framework. Since J2EE components are divided into web components and business components, the next logical step is to learn how to secure business components. That is the topic of this article.

Author Info:
By: A.P.Rajshekhar
August 24, 2005
  1. · JAAS, Securing EJB
  2. · JAAS and J2EE Container Interaction
  3. · JAAS and EJB- Implementing JAAS for EJB
  4. · Authenticating the user within the EJB


JAAS, Securing EJB - JAAS and EJB- Implementing JAAS for EJB
(Page 3 of 4 )

The first question that arises is: what is a façade pattern, and how is it relevant to this discussion? A façade pattern, if we go by the definition, is “An interface that provides a unified interface to a set of interfaces in a sub-system.” In other words, a façade is a class or an interface that acts as a gateway to another class, interface or set of interfaces.

In the context of EJB, a Session Bean acts as a gateway to another Session Bean or to an Entity Bean. This pattern is used more often where Entity Beans are involved. The reason is the optimized use of the network. If clients make requests directly to an Entity Bean, the network could get congested because the Entity Bean may be contacting the database server through the same server. Hence a Session Bean is kept at the ‘gateway’ to the Entity Bean. No external entity (read: client) can contact the Entity Bean by bypassing the Session Bean. The Session Bean can therefore even cache a previous result from the Entity Bean and reuse it, which reduces network usage.

In the context of security, the façade pattern helps by providing a single authentication point. The Session Bean that acts as a façade can contain the authentication and authorization code. In this way, a client can be authenticated before the request is ever passed on to the Entity Beans. Now let’s see how it’s done.

In securing an EJB, there are two approaches. They are:

  1. Authenticating the client using JAAS.
  2. Authenticating the user within the EJB using a combination of programmatic and declarative security.

Authenticating the client using JAAS

In this approach, the authentication routines reside outside the EJB. The check is done when a web client requests a service of an EJB. A servlet filter intercepts the request and authenticates the user on whose behalf the request is being made. As you may remember, this is just an extension of the approach used for securing web components. The beauty of this approach is that authentication is done without interfering with the business components.
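
The filter described above could look like the following. This is an added example, not code from the original article. It assumes the Servlet and JAAS APIs, a JAAS configuration entry named `EjbClientLogin`, request fields named `username` and `password`, and a session attribute key `jaas.subject`; all of these names are hypothetical.

```java
import java.io.IOException;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: authenticates the caller with JAAS before any request reaches the EJB layer.
public class JaasAuthFilter implements Filter {
    // Assumption: a login entry with this name exists in the JAAS configuration file.
    private static final String JAAS_ENTRY = "EjbClientLogin";
    private static final String SUBJECT_KEY = "jaas.subject";   // hypothetical session key
    public void init(FilterConfig cfg) {}
    public void destroy() {}
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(false);
        if (session != null && session.getAttribute(SUBJECT_KEY) != null) {
            chain.doFilter(rq, rs);            // caller was authenticated on an earlier request
            return;
        }
        final String user = req.getParameter("username");   // assumed form field names
        final String pass = req.getParameter("password");
        if (user == null || pass == null) {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Hands the submitted credentials to whichever LoginModule the JAAS entry configures.
        CallbackHandler handler = new CallbackHandler() {
            public void handle(Callback[] cbs) throws UnsupportedCallbackException {
                for (Callback cb : cbs) {
                    if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                    else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(pass.toCharArray());
                    else throw new UnsupportedCallbackException(cb);
                }
            }
        };
        try {
            LoginContext lc = new LoginContext(JAAS_ENTRY, handler);
            lc.login();                        // throws LoginException on bad credentials
            Subject subject = lc.getSubject();
            if (session != null) session.invalidate();   // new session after login (fixation defence)
            req.getSession(true).setAttribute(SUBJECT_KEY, subject);
            chain.doFilter(rq, rs);            // only now may the servlet call the EJB
        } catch (LoginException e) {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);   // fail closed: EJB is never invoked
        }
    }
}
```

The filter only protects requests that are mapped through it in `web.xml`, so every URL pattern that leads to an EJB call has to be covered by its `<filter-mapping>`.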
