Security Responsibilities

The goal of security in the J2EE architecture is to reduce the effort the EJB developer must spend securing the application by shifting more of that work to the EJB roles better qualified to handle it. The EJB container provides the implementation of the security infrastructure, whereas the deployer and the system administrator define the security policies. This eliminates any hard-coded security in the EJB code, and allows portability across multiple EJB servers that use different security mechanisms.

The application assembler (which could be the same party as the EJB developer) defines the security roles for an application composed of one or more EJBs, JSPs, and/or servlets. The assembler defines (declaratively in the deployment descriptor) method permissions for each security role. Method permissions are the permissions to invoke a specified group of methods of the EJB's home and component interfaces. The assembler also sets delegated security using the run-as identity.

The deployer is responsible for mapping the principals and groups of principals defined in the target operational environment to the security roles defined by the application assembler for the EJBs in the deployment descriptor. The deployer is also responsible for mapping principals for the run-as identities specified by the application assembler. The deployer is also responsible for configuring other aspects of the security management of the enterprise beans, such as the principal mapping for inter-EJB calls, and the principal mapping for resource manager access, such as JMS and JDBC access. At runtime, a client will be allowed to invoke a business method only if the deployer has assigned the principal associated with the client call to at least one security role.

The container provider is responsible for enforcing the security policies at runtime, providing the tools for managing security at runtime, and providing the tools used by the deployer to manage security during deployment.
