In an enterprise computing environment, there are many security risks. The goal of the Sun Java System Application Server is to provide highly secure, interoperable, and distributed component computing based on the Java EE security model. Security goals include:
Full compliance with the Java EE security model. This includes EJB and servlet role-based authorization.
Support for single sign-on across all Application Server applications within a single security domain.
Support for web services message security.
Security support for application clients.
Support for several underlying authentication realms, such as simple file and Lightweight Directory Access Protocol (LDAP). Certificate authentication is also supported for Secure Socket Layer (SSL) client authentication. For Solaris, OS platform authentication is supported in addition to these.
Support for declarative security through Application Server specific XML-based role mapping.
Support for Java Authorization Contract for Containers (JACC) pluggable authorization as included in the Java EE specification and defined by Java Specification Request (JSR) 115.