J2EE™ Developer's Guide
Security


Scenarios

The scenarios in this section show how authentication and authorization work together to manage security for J2EE applications.

J2EE Application Client

In this scenario, an employee named Bob has moved and wants to update his home address in his company's records. The company that Bob works for has a J2EE application that allows employees to update their personal information. Figure 8-1 illustrates this application. To change his address, Bob runs a J2EE application client that invokes the update method of the Employee enterprise bean.

Before Bob runs the client, the J2EE administrator sets up the security as follows: Bob's J2EE user name and password are added to the default realm, Bob is placed in the FullEmployee group, the FullEmployee group is mapped to the RegularEmployee role, and the RegularEmployee role is granted permission to invoke the update method of the Employee enterprise bean.

The J2EE server performs the following security checks at run time:

1. When the J2EE application client starts, it opens a dialog that prompts for a J2EE user name and password, which Bob enters.
2. The authentication service verifies that Bob's user name and password match an entry in the default realm.
3. Bob clicks the update button in the client, which attempts to invoke the update method of the Employee enterprise bean.
4. The EJB container performs authorization. It verifies that the RegularEmployee role, to which Bob's group (FullEmployee) is mapped, has permission to invoke the update method; only then does the call proceed.

FIGURE 8-1 Authenticated Access to an Enterprise Bean
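The authorization check in step 4 is declared, not coded: the application assembler lists the role in the ejb-jar.xml deployment descriptor and grants it the method. The following descriptor is an added example written for this page, not code from the J2EE Developer's Guide or its sample application. The role name RegularEmployee and the update method come from the scenario; the ejb-name EmployeeBean and the com.example.hr class names are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 1.1//EN"
  "http://java.sun.com/j2ee/dtds/ejb-jar_1_1.dtd">
<!-- Added example (not from the original page). EJB 1.1 descriptor that
     protects Employee.update with the RegularEmployee role. The ejb-name and
     class names below are assumed for illustration. -->
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>EmployeeBean</ejb-name>
      <home>com.example.hr.EmployeeHome</home>
      <remote>com.example.hr.Employee</remote>
      <ejb-class>com.example.hr.EmployeeEJB</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
    </session>
  </enterprise-beans>
  <assembly-descriptor>
    <!-- The logical role the container checks; it is mapped to a real
         group (FullEmployee in the scenario) at deployment time. -->
    <security-role>
      <description>Employees allowed to maintain their own personal data</description>
      <role-name>RegularEmployee</role-name>
    </security-role>
    <!-- Step 4 of the scenario: only callers in RegularEmployee may call update. -->
    <method-permission>
      <role-name>RegularEmployee</role-name>
      <method>
        <ejb-name>EmployeeBean</ejb-name>
        <method-name>update</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
```

The descriptor names only the logical role; the mapping of Bob's group (FullEmployee) to RegularEmployee is done by the deployer with the server's own deployment tool and is not part of ejb-jar.xml. Two checks are worth making before deploying: every business method that changes state should appear in some method-permission element, because a method missing from all of them is not covered by this role check and is left to the deployer, and the role should be granted the narrowest set of methods that the use case needs rather than the whole bean.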

Web Browser Client

In the next scenario, illustrated in Figure 8-2, Mary transfers money between her savings and checking accounts from her Web browser. To transfer the funds, Mary enters a URL that accesses a JSP component. This component calls a JavaBeans™ component, which invokes the transfer method of the Account enterprise bean.

The J2EE administrator enforces security with these rules: Mary's J2EE user name and password are added to the default realm, Mary is placed in the CurrentCustomer group, the CurrentCustomer group is mapped to the Customer role, the JSP component is declared a protected resource that requires authentication, and the Customer role is granted permission to invoke the transfer method of the Account enterprise bean.

When Mary transfers the funds, the J2EE server enforces security as follows:

1. Mary's browser attempts to access the JSP component.
2. Because the component is a protected resource, authentication is required. The Web server asks the browser to prompt for a J2EE user name and password.
3. Mary enters her J2EE user name and password, which the browser sends back to the J2EE server.
4. The authentication service verifies that the user name and password match an entry in the default realm.
5. The browser is allowed to access the JSP component.
6. Mary clicks the Transfer button on the form generated by the JSP component, which calls a JavaBeans component.
7. The JavaBeans component attempts to invoke the transfer method of the Account enterprise bean.
8. Mary's J2EE group (CurrentCustomer) is mapped to the Customer role, which is allowed to invoke the transfer method, so the EJB container authorizes the invocation.

FIGURE 8-2 Authenticated Access to a JSP Component and an Enterprise Bean
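Steps 1 through 5 above are driven by a security constraint in the Web application's web.xml descriptor: the JSP is marked as a protected resource, and the login configuration tells the Web server how to challenge the browser. The descriptor below is an added example written for this page, not code from the J2EE Developer's Guide or its sample application. The Customer role comes from the scenario; the URL pattern /transfer.jsp, the realm name, and HTTP Basic authentication (which matches the browser prompt described in step 2) are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
  "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<!-- Added example (not from the original page). Servlet 2.2 descriptor that
     makes the transfer JSP a protected resource for the Customer role. The
     URL pattern, realm name and auth method are assumed for illustration. -->
<web-app>
  <display-name>Account transfer</display-name>
  <security-constraint>
    <!-- Step 2: accessing this resource requires authentication. -->
    <web-resource-collection>
      <web-resource-name>Transfer page</web-resource-name>
      <url-pattern>/transfer.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <!-- Step 5: only authenticated users mapped to Customer get through. -->
    <auth-constraint>
      <role-name>Customer</role-name>
    </auth-constraint>
    <!-- Basic authentication sends the password with every request; require
         an encrypted transport so it does not cross the network in clear text. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <!-- Steps 2 and 3: the server challenges the browser, which prompts Mary
       for her user name and password and sends them back. -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>default</realm-name>
  </login-config>
  <security-role>
    <role-name>Customer</role-name>
  </security-role>
</web-app>
```

Two points a reviewer should check in such a descriptor. First, listing http-method elements narrows the constraint to those verbs only; a request using any other verb for the same URL is not constrained, so either omit the http-method elements (the constraint then covers every method) or be sure the omission is intended. Second, the Web constraint only protects the JSP. Step 8 is enforced separately by the EJB container, using a method-permission for the Customer role on the Account bean's transfer method in ejb-jar.xml; Mary's authenticated identity is propagated from the Web container to the EJB container for that check, so both descriptors must be in place for the scenario to hold.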




Copyright © 2000 Sun Microsystems, Inc. All rights reserved.