Summary

The J2SE security model includes a highly flexible, configurable and extensible framework for code-based authorization of actions. JAAS extends this framework with user authentication and user-based authorization. The complete framework consists of a number of APIs, configuration files, system properties and tools.

Permissions are specified in policy files and are granted to all code, to code downloaded from a specific location (a JAR file or directory identified by a URL), to code signed by the owner of an X.509 certificate, to code running on behalf of an authenticated user, or to any combination of these. These permissions can be specified in one or more policy files and can be applied to all programs, programs launched by a specific OS ...
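The grant targets listed above, written out in policy file syntax. This is an added example, not taken from the book; the paths, keystore location, signer alias and principal name are constructed for illustration.

```text
// Keystore that holds the certificate for the signer alias used below
// (constructed location).
keystore "file:${user.home}/.keystore", "JKS";

// 1. Granted to all code: no codeBase, signedBy or principal qualifier.
grant {
    permission java.util.PropertyPermission "java.version", "read";
};

// 2. Granted to code loaded from a location. A trailing "/-" matches every
//    class and JAR file under the directory, recursively.
grant codeBase "file:/opt/app/lib/-" {
    permission java.io.FilePermission "/opt/app/data/-", "read";
};

// 3. Granted to code signed by the owner of the X.509 certificate stored
//    under the keystore alias "appsigner" (constructed alias).
grant signedBy "appsigner" {
    permission java.net.SocketPermission "localhost:8443", "connect,resolve";
};

// 4. Granted to code running on behalf of an authenticated user (JAAS).
//    The principal is matched against the Subject produced by login.
grant principal javax.security.auth.x500.X500Principal "CN=Alice,O=Example" {
    permission java.io.FilePermission "/opt/app/reports/-", "read";
};

// 5. Combination: all three conditions must hold before the write
//    permission applies, which keeps the most sensitive grant the narrowest.
grant codeBase "file:/opt/app/lib/admin.jar",
      signedBy "appsigner",
      principal javax.security.auth.x500.X500Principal "CN=Alice,O=Example" {
    permission java.io.FilePermission "/opt/app/data/-", "read,write";
};
```

When reviewing a policy file, check the unqualified `grant { ... }` block first: anything listed there applies to every class the JVM loads, including code from untrusted locations.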
