Enterprise Bean (EJB) programming tutorials

Enterprise Beans Tutorial

Home| Forums | Join Google Group | Join Yahoo Group | Jobs

Earn Money
Trading Forex Online
  Paramount Airways
  Free Data Recovery
Cargo
Job Portal
  HSBC Investment
Management
Cheap Web Hosting
  Make Trip
  Cheap Air Travel
Leisure Hotel
  Free Air Travel
  Mutual Fund Informations
Cheapest Cellular Plan
Free Sexy Indians
  Call Center Software
  Hot Indian

Enterprise Beans Tutorial

27 · Most of the examples in this book feature clients that are stand-alone Java applications. Because these
clients do not log on, they are assigned the unauthenticated and anonymous user named guest. (The
password is guest123.) · Other types of clients, including Web browsers, may also access the J2EE server without authentication.
Such clients are always assigned the user guest, indicating that their access in unauthenticated. · Many applications do not require authentication. For example, an online product catalog would not
force customers to log on if they are merely browsing. Also, when you first start developing an
application, you may find it convenient to allow anyone (guest) to access the application's components. · During deployment, you specify whether or not a web component is a protected resource. If the web
component is unprotected, anyone may access it from their browser. If an unprotected web component
accesses an enterprise bean, the authentication service assigns it a certificate for the guest user. Any
subsequent calls to enterprise beans are associated with the guest user. · If a web component is protected, you may specify three types of authentication: basic, form, and
certificate. With basic authentication, the server instructs the Web browser to prompt for the user name
and password. With form authentication, you can specify the .html form or .jsp file that prompts for the
user name and security:passwordspassword. With certificate authentication, the server requests a
certificate from the browser. In all types of authentication, if the web component calls as enterprise
bean, the call is associated with the authenticated user. ## Authorization · Authorization is the process by which the J2EE server grants or denies permission to invoke the methods of an enterprise bean. · You define authorization in the enterprise bean's security attributes in three steps: o Declaring Roles o Declaring Method Permissions o Mapping Roles to J2EE Users and Groups Declaring Roles · When you design an enterprise bean, you should keep in mind what types of users will access the bean.
For example, an Account enterprise bean might be accessed by customers, bank tellers, and branch
managers. Each of these user categories is called a role. · A J2EE group also represents a category of users, but it has a different scope than a role. · A J2EE group is designated for the entire J2EE server, whereas a role covers only a specific
application in a J2EE server. · To create a role for an application, you declare it for the EJB .jar or web component (.war) files
contained in the application. Declaring Method Permissions · After you've defined the roles, you're ready to define the method permissions of an enterprise bean. · Method permissions indicate which roles are allowed to invoke which methods. · You specify method permissions by mapping roles to methods with the Application Deployment Tool Mapping Roles to J2EE Users and Groups · When you are developing an enterprise bean, you should know the roles of your users, but you probably
won't know exactly who the users will be. That's okay, because after your bean has been deployed the
administrator of the J2EE server will map the roles to the J2EE users (or groups) of the default realm. · Using the Application Deployment Tool, the administrator maps roles to J2EE users and groups · By default, the Role Name table assigns the ANYONE role to a method. The guest user, which is
anonymous and unauthenticated, belongs to the ANYONE role. Therefore, if you do not map the roles,
any user may invoke the methods of an enterprise bean.