In an enterprise computing environment, there are many security risks. The goal of the Sun Java System Application Server is to provide highly secure, interoperable, and distributed component computing based on the J2EE security model. Security goals include:
Full compliance with the J2EE security model (for more information, see the J2EE specification, v1.4 Chapter 3 Security).
Full compliance with the EJB v2.1 security model (for more information, see the Enterprise JavaBean specification v2.1 Chapter 15 Security Management). This includes EJB role-based authorization.
Full compliance with the Java Servlet v2.4 security model (for more information, see the Java Servlet specification, v2.4 Chapter 11 Security). This includes servlet role-based authorization.
Support for single sign-on across all Application Server applications within a single security domain.
Support for message security.
Security support for application clients.
Support for several underlying authentication realms, such as simple file and LDAP. Certificate authentication is also supported for SSL client authentication. For Solaris, OS platform authentication is supported in addition to these.
Support for declarative security through Application Server specific XML-based role mapping.
Support for JACC (Java Authorization Contract for Containers) pluggable authorization as included in the J2EE 1.4 specification and defined by JSR-115.