To implement authentication, access control, data integrity, and confidentiality on the J2EE platform, you need to understand a number of important concepts, which are discussed in the following sections.
Roles and Principals
Within any Web application, there can be different types of users: some might be registered users, some are premium users, and some are entry-level users. These types of users have different access levels within the Web application, and each type can be referred to as a role.
Individual users can then be assigned to these roles; the principal is the actual user, so a principal can be in one or more roles. To put it in concrete terms, I am a registered user of a Web site, my username is johndoe, and I am a premium user. My principal is johndoe, and the role could be Premium User. The principal and role information can be stored in a variety of ways. It could be in an LDAP directory, an NT domain, or a database, and a server can be configured to interact with any of them. WebLogic, for example, has out-of-the-box support for all of these.
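The principal/role distinction as servlet code sees it, as an added example that is not part of the original page: the container exposes the authenticated principal and answers role-membership questions through the standard `HttpServletRequest` methods. The class name, the role name `PremiumUser` and the response text are assumptions, as is a container with the servlet API on the classpath and authentication already configured.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: class name, role name and messages are constructed
// for illustration and do not come from the original page.
public class PremiumContentServlet extends HttpServlet {

    // Assumed role name, as it would be declared to the container.
    private static final String PREMIUM_ROLE = "PremiumUser";

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // The principal is the authenticated user (e.g. johndoe). A null value
        // means the container has not authenticated this request.
        Principal principal = request.getUserPrincipal();
        if (principal == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Roles are checked by name. The container resolves membership against
        // whichever store it is configured with (LDAP, NT domain, database),
        // so the code never reads that store directly.
        if (!request.isUserInRole(PREMIUM_ROLE)) {
            // Authenticated but not in the role: deny explicitly and stop,
            // rather than falling through to the protected content.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        response.setContentType("text/plain");
        response.getWriter().println("Premium content for " + principal.getName());
    }
}
```

Keeping the unauthenticated case (401) separate from the authenticated-but-wrong-role case (403) makes access-denied events distinguishable in server logs.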
Declarative and Programmatic Security
Within the J2EE standard, you can implement security in two ways:
As we explore how security is actually implemented in Web applications, you’ll see examples of roles and principals, and also examples of declarative and programmatic security. We’ll start with declarative security via authentication.