Enterprise Beans Tutorial
· The JSP component is a protected resource.
· Only the Customer role may invoke the transfer method of the Account enterprise bean.
· The J2EE group named CurrentCustomer belongs to the Customer role.
· Mary's J2EE user belongs to the CurrentCustomer group in the default realm.
When Mary transfers the funds, the J2EE server enforces security as follows:
1. Mary's browser attempts to access the JSP component.
2. Because the component is a protected resource, authentication is required. The Web service requests the Web browser to prompt for the J2EE user name and password.
3. Mary enters her J2EE user name and password, which are passed back to the J2EE server.
4. The authentication service verifies that the user name and password exist in the default realm.
5. The Web browser is allowed to access the JSP component.
6. Mary clicks the Transfer button on the form generated by the JSP component, which calls a JavaBeans component.
7. The JavaBeans component attempts to invoke the transfer method of the Account enterprise bean.
8. Mary's J2EE group (CurrentCustomer) belongs to the Customer role, which is allowed to invoke the transfer method. Therefore, the EJB container authorizes the invocation.
FIGURE 8-2 Authenticated Access to a JSP Component and an Enterprise Bean
Bean-Managed Security
· The security mechanisms described in the Authentication and Authorization sections are sufficient for most J2EE applications.
· You control these mechanisms by declaring certain parameters with the Application Deployment Tool. Because this approach is declarative, you don't have to code your own security routines.
· Some applications have special security requirements. For example, an application might make authorization decisions based on the time of day, the parameters of a call, or the internal state of an enterprise bean. Another application might restrict access based on user information stored in a database.
· If your application has special security requirements, you may want to take advantage of the APIs described in the following sections.
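The kinds of programmatic checks listed above (time of day, call parameters, bean state), shown as an added example that is not code from the tutorial. CallerContext is a stand-in for the getCallerPrincipal and isCallerInRole methods of EJBContext so the code runs without a container; the transfer limit, the time window and the owner check are assumptions.

```java
import java.security.Principal;
import java.time.LocalTime;

public class TransferGuard {
    // Stand-in for the two javax.ejb.EJBContext methods used here, so the
    // example runs without a container. In a bean, pass the real context.
    interface CallerContext {
        Principal getCallerPrincipal();
        boolean isCallerInRole(String roleName);
    }

    // Assumed policy values, not from the tutorial.
    static final long LIMIT_CENTS = 500_000;
    static final LocalTime OPEN = LocalTime.of(6, 0);
    static final LocalTime CLOSE = LocalTime.of(22, 0);

    // Throws SecurityException unless every check passes (fail closed).
    static void checkTransfer(CallerContext ctx, String accountOwner,
                              long amountCents, LocalTime now) {
        Principal caller = ctx.getCallerPrincipal();
        if (caller == null || !ctx.isCallerInRole("Customer"))
            throw new SecurityException("caller is not in the Customer role");
        // Internal state: the account must belong to the caller.
        if (!caller.getName().equals(accountOwner))
            throw new SecurityException("account not owned by " + caller.getName());
        // Call parameters: reject non-positive or over-limit amounts.
        if (amountCents <= 0 || amountCents > LIMIT_CENTS)
            throw new SecurityException("amount outside permitted range");
        // Time of day: transfers only inside the allowed window.
        if (now.isBefore(OPEN) || !now.isBefore(CLOSE))
            throw new SecurityException("transfers are closed at " + now);
    }

    static boolean allowed(CallerContext ctx, String owner, long cents, LocalTime t) {
        try { checkTransfer(ctx, owner, cents, t); return true; }
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); return false; }
    }

    public static void main(String[] args) {
        // Constructed caller: user "mary", member of the Customer role.
        CallerContext mary = new CallerContext() {
            public Principal getCallerPrincipal() { return () -> "mary"; }
            public boolean isCallerInRole(String r) { return r.equals("Customer"); }
        };
        System.out.println(allowed(mary, "mary", 10_000, LocalTime.NOON));
        System.out.println(allowed(mary, "bob", 10_000, LocalTime.NOON));
        System.out.println(allowed(mary, "mary", 900_000, LocalTime.NOON));
        System.out.println(allowed(mary, "mary", 10_000, LocalTime.of(23, 30)));
    }
}
```

These checks run in addition to the declarative role restriction on the transfer method, so a caller who passes the container's check can still be refused by the bean.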
Getting the Caller's J2EE User
The getCallerPrincipal method of the EJBContext interface returns the java.security.Principal object
that identifies the caller of the enterprise bean. (In this case, a principal is the same as a user.) In the