Sun Java System Web Server 6.1 SP6 Programmer's Guide to Web Applications

Security Responsibilities Overview

Before delving into the specific security features of Sun Java System Web Server, it is helpful to first understand responsibilities pertaining to security. This section provides that overview.

A J2SE platform's primary goal is to isolate the developer from the details of the security mechanism and to facilitate secure application deployment in diverse environments. This goal is addressed by providing mechanisms for specifying application security requirements declaratively and outside the application.
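
As an illustration of a security requirement stated declaratively and outside the application code, the following web.xml fragment is an added example (not taken from this guide) that uses standard Servlet deployment descriptor elements. The URL pattern, resource name and role name are hypothetical.

```xml
<!-- Added example: fragment of WEB-INF/web.xml, placed inside <web-app>.
     The names /admin/*, AdminArea and administrator are hypothetical. -->

<security-constraint>
  <web-resource-collection>
    <web-resource-name>AdminArea</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
    <!-- No <http-method> elements are listed on purpose: the constraint
         then applies to every HTTP method. Listing only GET and POST
         would leave the other methods on this path unconstrained. -->
  </web-resource-collection>

  <!-- Only callers mapped to this role may reach the resources above. -->
  <auth-constraint>
    <role-name>administrator</role-name>
  </auth-constraint>

  <!-- Require a confidential transport (for example SSL/TLS) so that
       credentials and responses are not sent in the clear. -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- How the container authenticates the caller. BASIC is one of the
     standard values; FORM, DIGEST and CLIENT-CERT are the others. -->
<login-config>
  <auth-method>BASIC</auth-method>
</login-config>

<!-- Every role referenced in an auth-constraint is declared here.
     Mapping the role to real users or groups is done at deployment
     time, outside the application. -->
<security-role>
  <role-name>administrator</role-name>
</security-role>
```

The servlet code behind /admin/* contains no access checks of its own; the container enforces the constraint, so the same application can be deployed against different user stores by changing only the role mapping.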

When developing applications for Sun Java System Web Server, it is necessary to decide whether your application should use the traditional Sun Java System Web Server native ACL subsystem or the J2SE/Servlet access control model. For guidelines on how to make this decision, see the Sun Java System Web Server 6.1 SP6 Administrator’s Guide.

The roles described in this section apply to the J2SE/Servlet model and are described in more detail in the J2SE specification:

Application Developer

The application developer is responsible for the following:

Application Assembler

The application assembler or application component provider must identify all security dependencies embedded in a component, including:

Application Deployer

The application deployer takes all component security views provided by the assembler and uses them to secure a particular enterprise environment in the application, including: