This document describes how to implement security in Java applications. It include descriptions of the Security Service Application Programming Interfaces and programming instructions for implementing security in Java applications
Documentation Audience
This document is intended for the following audiences:
Application Developers—Developers who are Java programmers who focus on developing Java applications, incorporating security into Java applications and Enterprise JavaBeans (EJBs), and who work with other engineering, quality assurance (QA), and database teams to implement security features. Application Developers have in-depth working knowledge of Java (including J2EE components such as servlets/JSPs and JSEE).
Security Architects—Individuals who are responsible for designing and implementing the overall security architecture for their organization, evaluating BEA AquaLogic Enterprise Security features, and determining how to best implement policies. Security Architects have in-depth knowledge of Java programming, Java security, and network security, as well as knowledge of security systems and leading-edge security technologies and tools.
Security Developers—Developers (including third-party developers) who focus on defining the system architecture and infrastructure for security products and who develop custom security providers for use with BEA AquaLogic Enterprise Security services. Security Developers work with Security Architects to ensure that the architecture is implemented according to design specifications and that it does not introduce any security holes. Security Developers also work with administrators to ensure that security is properly configured. Security Developers have a solid understanding of certain concepts, including authentication, authorization, and auditing, and an in-depth knowledge of Java and security provider functionality.
Guide to this Document
This document is organized as follows:
Introduction, introduces the Java Security Service Module product and describes its components.
Naming Authority, describes naming authorities in the context of the Java Security Service Module.
Java Security Service Module APIs, describes the APIs that you use to develop Java applications using the Java Security Service Module.
Developing Applications Using the Java Security Service Module, provides step-by-step procedures for developing Java applications. The procedures include code fragments that demonstrate how to implement each programming step.
Related Information
The BEA corporate web site provides all documentation for BEA AquaLogic Enterprise Security. Other BEA AquaLogic Enterprise Security documents that may be of interest to the reader include:
WSDL Documentation for the Web Service Interfaces—This document provides reference documentation for the Web Services Interfaces that are provided with and supported by this release of BEA AquaLogic Enterprise Security.
Policy Managers Guide—This document how to write access control policies for BEA AquaLogic Enterprise Security, and describes how to import and export policy data.
Developing Security Providers—This document provides security vendors and security and application developers with the information needed to develop custom security providers.
Javadocs for Security Service Provider Interfaces—This document provides reference documentation for the Security Service Provider Interfaces that are provided with and supported by this release of BEA AquaLogic Enterprise Security.
Javadocs for Java API—This document provides reference documentation for the Java Application Programming Interfaces that are provided with and supported by this release of BEA AquaLogic Enterprise Security.
