Discussion: Securing the Duke’s Bank Example
The Duke’s Bank application is an online banking application. Duke’s Bank has two clients: an application client used by administrators to manage customers and accounts, and a web client used by customers to access account histories and perform transactions. The clients access the customer, account, and transaction information maintained in a database through enterprise beans. The Duke’s Bank application demonstrates the way that many of the component technologies presented in this tutorial (enterprise beans, application clients, and web components) are applied to provide a simple but functional application.
To secure the Duke’s Bank example, the following security mechanisms are used:
-
Defining security roles
-
Specifying form-based user authentication for the web client in a security constraint
-
Adding authorized users and groups to the appropriate Application Server realm
-
Specifying method permissions for enterprise beans
-
Configuring Interoperable Object References (IOR)
Read Chapter 37, The Duke’s Bank Application for more information on securing the Duke’s Bank example.
- © 2010, Oracle Corporation and/or its affiliates