Security for an application can be provided in 3 ways:
- Authentication
- Access Control
- Security Medium
Authentication : proves that it is really you who is accessing the application.
Can be implemented using:
- User name & Password
- Secret Keys
- Smart Cards
- Certificates
Access Control : implemented using
- Access Control List (ACL)
- Roles
ACL & Roles are each a group of privileges.
Security Medium : implemented using
- Firewalls
- Proxies
- Gate Keeper
- SSL
Firewalls & Proxies are based on the HTTP protocol [they support FTP also].
Firewalls work in the Network environment.
Proxies work in the Application environment.
Gatekeepers support IIOP and JRMP.
IIOP and JRMP are the protocols used by Distributed Applications.
The Gatekeeper converts IIOP request [messages] into HTTP requests and sends them to the server through the firewall.
The Gatekeeper runs in parallel to the Proxy (or) Firewall.
Secure Sockets Layer [SSL] is a suite of different protocols.
Encryption : is a mechanism of encoding the data.
Symmetric : A secret key is generated, and the data is converted into encoded form based on that key.
The ‘secret key’ is sent along with the encoded data, and the same key is used for decoding also.
Asymmetric : Data encrypted with the help of a ‘public key’ can be decrypted only with the help of the ‘private key’ corresponding to that ‘public key’.
Security in EJB :
EJB 1.1 suggests not to hardcode the security measures in the Bean, but to provide them from outside (declaratively, at deployment time).
Username & Password : are set in the WebLogic properties file:
Weblogic password =
A Security Principal is a person (or) entity (or) object (or) organization (or) user. (In EJB 1.0 the Principal is represented as an Identity.)
A security credential is a password (or) a secret.
Methods in the EJB Context :
- Identity getCallerIdentity( )
- boolean isCallerInRole( String roleName )
Each server fetches the identity of the client and verifies that identity before allowing further access.
Run-As Identity : the identity under which the Bean runs; it is disabled (not used) unless the Run-As Mode requires it.
Run-As Mode : specifies the mode (identity) in which the Bean is running.
The different modes are:
- System
- Specified
- Client
System : the Bean runs with the identity of the system.
Client : the Bean runs with the identity of the client.
For the Bean to be accessible to the client, the Bean Identity and the client Identity should match.
If the Bean Identity is the same as the client Identity, the client can call all the methods of the Bean.
If the Bean runs in System mode or Client mode, the Bean Identity need not be specified.
If the Run-As mode of the Bean is Specified, we must explicitly specify the identity of the Bean.
In the AccessControlEntry we list all the identities which can access the Bean running under the specified Bean Identity.
Ex: If the identity specified for the Bean is b1, then we list user1, user2, admin, staff as the identities allowed to access the Bean.
Run-As Mode and Run-As Identity are set with the help of the ControlDescriptor; the identities allowed to access a Bean in Specified mode are set using the AccessControlEntry.
The Remote Object performs all the access checks for the Bean.
It checks each method call made by the user; if an invalid method call is made, the RemoteObject itself throws an Exception back to the client, otherwise it forwards the method call to the Bean.
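As an added illustration (not WebLogic or EJB container code), the following Python model shows the check the Remote Object performs before forwarding a call: the client identity is matched against the AccessControlEntry for the method, the call is rejected with an exception if it is not listed, and otherwise the Bean runs under the identity chosen by the Run-As mode. The identity name "system", the AccountBean and its methods, and the user names are assumptions.

```python
from collections import namedtuple

SYSTEM_IDENTITY = "system"  # assumed name for the server's own identity
# Run-As settings of the Bean: mode is "client", "system" or "specified";
# the identity is needed only for "specified".
ControlDescriptor = namedtuple("ControlDescriptor", "run_as_mode run_as_identity", defaults=[None])
# Identities allowed to call a method; method=None is the default entry for the whole Bean.
AccessControlEntry = namedtuple("AccessControlEntry", "method allowed")

class AccountBean:                 # constructed target Bean
    def balance(self, run_as):
        return f"balance read as {run_as}"
    def close(self, run_as):
        return f"closed as {run_as}"

class RemoteObject:                # stub in front of the Bean; every call is checked here
    def __init__(self, bean, control, entries):
        self._bean, self._control = bean, control
        self._entries = {e.method: e for e in entries}

    def run_as_identity(self, client):   # identity the Bean runs under for this call
        mode, ident = self._control.run_as_mode, self._control.run_as_identity
        if mode == "client":
            return client
        if mode == "system":
            return SYSTEM_IDENTITY
        if mode == "specified" and ident:
            return ident
        raise ValueError(f"bad Run-As configuration: {mode!r}/{ident!r}")

    def invoke(self, client, method, *args):
        entry = self._entries.get(method) or self._entries.get(None)
        if entry is None or client not in entry.allowed:
            raise PermissionError(f"{client} may not call {method}")  # Bean never sees the call
        return getattr(self._bean, method)(self.run_as_identity(client), *args)

def demo():
    # Constructed sample: Bean identity b1, readable by the listed users, closable only by admin.
    stub = RemoteObject(AccountBean(), ControlDescriptor("specified", "b1"), [
        AccessControlEntry(None, frozenset({"user1", "user2", "admin", "staff"})),
        AccessControlEntry("close", frozenset({"admin"}))])
    results = {"user1_balance": stub.invoke("user1", "balance"),
               "admin_close": stub.invoke("admin", "close")}
    try:
        stub.invoke("user1", "close")
    except PermissionError as exc:
        results["user1_close"] = str(exc)
    return results
```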