This chapter describes how to write secure Java EE applications, which contain components that perform user authentication and access authorization for the business logic of Java EE components.
For information about administrative security for the Sun GlassFish Enterprise Server, see Chapter 11, Administering System Security, in Sun GlassFish Enterprise Server v3 Administration Guide.
For general information about Java EE security, see Part VII, Security, in The Java EE 6 Tutorial, Volume I.
This chapter contains the following sections:
Note - The Web Profile of the Enterprise Server supports the EJB 3.1 Lite specification, which allows enterprise beans within web applications, among other features. The full Enterprise Server supports the entire EJB 3.1 specification. For details, see JSR 318.