16.6. Summary

We have seen that the security of an EJB-based application is controlled by policies set up by the developer and implemented by the EJB container and by the transport protocol it uses. Although the security architecture is complex, most of the complexity is concealed from the EJB developer. The developer’s job is to define the application roles and assign method permissions to those roles. Optionally, programmatic techniques can be used to supplement this ‘declarative’ security model. In an enterprise application, securing the method invocations on EJBs will not by itself offer protection against eavesdropping and impersonation, so certificate-based encryption techniques may be used on the intercontainer protocol itself. The certificates ...
