Chapter 5. Securing Portal Contents

In this chapter we will cover:

  • Securing portals
  • Securing with JBoss AS
  • Securing with Tomcat
  • Choosing the JAAS modules
  • Creating a login page
  • Synchronizing users
  • Securing pages
  • Securing categories
  • Securing applications
  • Securing portlets

Introduction

This chapter discusses the configurations aimed at providing security features to portals and all the related components. We will see that we can work using either the web console or the XML configuration files. As you would expect, the latter is more flexible in most instances.

Many of the configuration snippets shown in the chapter are based on Enterprise Deployment Descriptors (DD). Keep in mind that XML always remains the best option for configuring a product. We will configure GateIn in different ways to show how to adapt some of the internal components for your needs.

Note

Enterprise Deployment Descriptors (DD) are configuration files related to an enterprise application component that must be deployed in an application server.

The goal of the deployment descriptor is to define how a component must be deployed in the container, configuring the state of the application and its internal components.

These configuration files were introduced in the Java Enterprise Platform to manage the deployment of Java Enterprise components such as Web Applications, Enterprise Java Beans, Web Services, and so on.

Typically, for each specific container, you have a different definition of the descriptor depending on vendors and standard specifications.

Typically, a portal consists of pages related to a public section and a private section. Depending on the purpose, of course, we can also work with a completely private portal.

The two main mechanisms used in any user-based application are the following:

  • Authentication
  • Authorization

We talked about authentication in the previous chapter and now we will discuss authorization: how to configure and manage permissions for all the objects involved in the portal. As an example, a User is a member of a Group, which grants that user some authorizations. These authorizations are the things that members of the Group can do in the portal.

Conversely, a page is defined with some permissions, which state which Groups can access it. We are now going to see how to configure and manage these permissions for pages, components in a page, and so on in the portal.
