Responsibility for Administering Security

The following parties are responsible for administering security for enterprise applications:

  • System Administrator

    The system administrator is responsible for setting up a database of users and assigning those users to the proper group. The system administrator is also responsible for setting properties on the Enterprise Server that enable the applications to run properly. In terms of security, some examples include setting up a default principal-to-role mapping, anonymous users, default users, and propagated identities. More information on system administrator responsibilities is found in the Sun GlassFish Enterprise Server v3 Administration Guide. Where this tutorial requires them, the steps for performing specific tasks are also provided here.

  • Application Developer/Bean Provider

    The application developer/bean provider is responsible for annotating the classes and methods of the enterprise application in order to provide information to the deployer about which methods need to have restricted access. This tutorial describes the steps necessary to complete this task.

  • Deployer

    The deployer is responsible for taking the security view provided by the application developer and implementing that security upon deployment. This document provides the information needed to accomplish this task for the tutorial example applications. For more information on deployment to the Enterprise Server, the best source is the Sun GlassFish Enterprise Server v3 Application Deployment Guide.