3.2. Security roles

The J2EE specification defines a security role as: “A logical grouping of users that are defined by an Application Component Provider or Assembler”. Security roles provide a mechanism whereby application developers determine the security policies for an application by creating named sets of users (for example: managers, customers, employees, and so on) that will have access to secure resources and methods. At application assembly time, these sets of users, or security roles, are not tied to any real users or groups of users. Instead, they are placeholders which are later mapped to real users and groups at application deployment time, during a process called security role mapping.
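The split between assembly-time role names and deployment-time mapping can be checked mechanically. The following is an added example, not taken from the book or from WebSphere: it audits a constructed Servlet 2.3-style `web.xml` against a constructed role mapping, held as a plain dictionary with hypothetical group names rather than in any real binding file format.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor (assembly time): roles are only names at this point.
WEB_XML = """
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>payroll</web-resource-name>
      <url-pattern>/payroll/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>orders</web-resource-name>
      <url-pattern>/orders/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>customer</role-name>
      <role-name>auditor</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role><role-name>manager</role-name></security-role>
  <security-role><role-name>customer</role-name></security-role>
  <security-role><role-name>employee</role-name></security-role>
</web-app>
"""

# Constructed deployment-time mapping: role -> registry groups (hypothetical names).
ROLE_MAPPING = {"manager": ["cn=hr-managers"], "employee": ["cn=staff"]}

def audit_roles(web_xml, mapping):
    """Compare roles used in constraints, declared roles, and mapped roles."""
    root = ET.fromstring(web_xml)
    declared = {e.text.strip() for e in root.findall("security-role/role-name")}
    referenced = {}  # role name -> URL patterns it protects
    for sc in root.findall("security-constraint"):
        patterns = [p.text.strip() for p in sc.findall("web-resource-collection/url-pattern")]
        for role in sc.findall("auth-constraint/role-name"):
            referenced.setdefault(role.text.strip(), []).extend(patterns)
    return {
        # used in a constraint but never declared as a security-role
        "undeclared": sorted(set(referenced) - declared),
        # declared but bound to no user or group, with the URLs it guards
        "unmapped": {r: referenced.get(r, []) for r in sorted(declared) if not mapping.get(r)},
        # declared but protecting nothing in this descriptor
        "unused": sorted(declared - set(referenced)),
    }

if __name__ == "__main__":
    print(audit_roles(WEB_XML, ROLE_MAPPING))
```
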

Figure 3-2. Security roles

This two-phase ...
