Presentation is loading. Please wait.

Presentation is loading. Please wait.

Version # Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Sponsored by the U.S. Department of Defense © 1999 by Carnegie.

Published byHeather Parks Modified over 8 years ago

Similar presentations

Presentation on theme: "Version # Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Sponsored by the U.S. Department of Defense © 1999 by Carnegie."— Presentation transcript:

1 Version # Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Sponsored by the U.S. Department of Defense © 1999 by Carnegie Mellon University Delete this red box (from the title master) after creating all of your slides. Keep everything inside the “safe area” for correct display. Enterprise JavaBeans. - page 1 EJB Security Management

2 © 1999 by Carnegie Mellon University Version # Delete this red box (from the slide master) after creating all of your slides. Keep everything inside the “safe area” for correct display. Course or Lecture or Module Info. - page 2 Security Management Overview The enterprise bean class provider should not hard-code security policies and mechanisms into the business methods allows appropriate deployment for the operational environment of the enterprise The application assembler may define security roles for an application -semantic grouping of permissions method permissions for each security role -permission to invoke a specified group of methods

3 © 1999 by Carnegie Mellon University Version # Delete this red box (from the slide master) after creating all of your slides. Keep everything inside the “safe area” for correct display. Course or Lecture or Module Info. - page 3 Security Management Overview - 2 Security Roles Method Permissions EJBEJB Bean Provider Application Assembler Deployer Users Groups System Admins

4 © 1999 by Carnegie Mellon University Version # Delete this red box (from the slide master) after creating all of your slides. Keep everything inside the “safe area” for correct display. Course or Lecture or Module Info. - page 4 Bean Provider’s Responsibilities The bean provider should not implement security mechanisms or security policies in the enterprise beans’ business methods rely instead on the security mechanisms provided by the EJB Container It is possible, however, to programmatically access a Caller’s Security Context...

5 © 1999 by Carnegie Mellon University Version # Delete this red box (from the slide master) after creating all of your slides. Keep everything inside the “safe area” for correct display. Course or Lecture or Module Info. - page 5 Programmatically Accessing a Caller’s Security Context Two methods allow the bean provider to access security information about the enterprise bean’s caller getCallerPrincipal isCallerInRole In general, security management should be enforced by the container the security API should is used infrequently

6 © 1999 by Carnegie Mellon University Version # Delete this red box (from the slide master) after creating all of your slides. Keep everything inside the “safe area” for correct display. Course or Lecture or Module Info. - page 6 Declaring Security Roles Security roles are declared in the deployment descriptor... WombatPayroll com.wombat.PayrollBean This security role should be assigned to the employees allowed to update employees’ salaries. payroll …

7 © 1999 by Carnegie Mellon University Version # Delete this red box (from the slide master) after creating all of your slides. Keep everything inside the “safe area” for correct display. Course or Lecture or Module Info. - page 7 Application Assembler’s Responsibilities Define security roles in the deployment descriptor Specify the methods of the remote and home interface that each security role is allowed to invoke Link declared security role references to security roles

8 © 1999 by Carnegie Mellon University Version # Delete this red box (from the slide master) after creating all of your slides. Keep everything inside the “safe area” for correct display. Course or Lecture or Module Info. - page 8 Specifying Security Roles... Allows employees to access their own information employee Allowed to view/update payroll entries for employees payroll-department...

9 © 1999 by Carnegie Mellon University Version # Delete this red box (from the slide master) after creating all of your slides. Keep everything inside the “safe area” for correct display. Course or Lecture or Module Info. - page 9 Method permissions employee WombatPayroll findByPrimaryKey WombatPayroll getEmployeeInfo WombatPayroll updateEmployeeInfo

10 © 1999 by Carnegie Mellon University Version # Delete this red box (from the slide master) after creating all of your slides. Keep everything inside the “safe area” for correct display. Course or Lecture or Module Info. - page 10 Linking Security Role References to Security Roles... WombatPayroll com.wombat.PayrollBean This security role should be assigned to the employees allowed to update employees’ salaries. payroll payroll-department …

11 © 1999 by Carnegie Mellon University Version # Delete this red box (from the slide master) after creating all of your slides. Keep everything inside the “safe area” for correct display. Course or Lecture or Module Info. - page 11 Deployer’s Responsibilities Ensures that an application is secure after it has been deployed in the operational environment Assigns principals and/or groups of principals used for managing security in the operational environment to defined security roles not specified in the EJB architecture! specific to that operational environment Can use the security view defined in the deployment descriptor merely as “hints”

12 © 1999 by Carnegie Mellon University Version # Delete this red box (from the slide master) after creating all of your slides. Keep everything inside the “safe area” for correct display. Course or Lecture or Module Info. - page 12 EJB Container Provider’s Responsibilities The EJB container provider provides the implementation of the security infrastructure A security domain can be implemented, managed, and administered by the EJB Server e.g., the EJB Server may store X509 certificates The EJB specification does not define the scope of the security domain the scope may be defined by the boundaries of the application, EJB Server, operating system, network, or enterprise

13 © 1999 by Carnegie Mellon University Version # Delete this red box (from the slide master) after creating all of your slides. Keep everything inside the “safe area” for correct display. Course or Lecture or Module Info. - page 13 System Administrator’s Responsibilities Typically responsible for creating a new user account adding a user to a user group removing a user from a user group removing or freezing a user account Security domain administration is beyond the scope of the EJB specification...

14 © 1999 by Carnegie Mellon University Version # Delete this red box (from the slide master) after creating all of your slides. Keep everything inside the “safe area” for correct display. Course or Lecture or Module Info. - page 14 Proceed with Caution… Insecure Secure EJB Specification EIS EJB Server Vendor Threats

15 © 1999 by Carnegie Mellon University Version # Delete this red box (from the slide master) after creating all of your slides. Keep everything inside the “safe area” for correct display. Course or Lecture or Module Info. - page 15 Summary The EJB architecture does not specify how an enterprise should implement its security architecture assignment of security roles to the operational environment’s security concepts is specific to the operational environment identification and authentication left to EJB Server vendor’s Security will be vendor specific for some time no plans to address problem in EJB 2.0

16 © 1999 by Carnegie Mellon University Version # Delete this red box (from the slide master) after creating all of your slides. Keep everything inside the “safe area” for correct display. Course or Lecture or Module Info. - page 16 References [1] Java Authentication and Authorization Service (JAAS) http://java.sun.com/security/jaas/. [2]Java Cryptography Extension (JCE) http://java.sun.com/security/JCE1.2/spec/apidoc/index.html

Download ppt "Version # Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Sponsored by the U.S. Department of Defense © 1999 by Carnegie."

Similar presentations

J0 1 Marco Ronchetti - Basi di Dati Web e Distribuite – Laurea Specialistica in Informatica – Università di Trento.

J0 1 Marco Ronchetti - Basi di Dati Web e Distribuite – Laurea Specialistica in Informatica – Università di Trento.
Publication Module using back end interface. Institution Data Entry Add Documents. Edit/Delete Documents that are added but not yet sent to Institution.

Publication Module using back end interface. Institution Data Entry Add Documents. Edit/Delete Documents that are added but not yet sent to Institution.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
1 Lecture 20 George Koutsogiannakis Summer 2011 CS441 CURRENT TOPICS IN PROGRAMMING LANGUAGES.

1 Lecture 20 George Koutsogiannakis Summer 2011 CS441 CURRENT TOPICS IN PROGRAMMING LANGUAGES.
Approaches to EJB Replication. Overview J2EE architecture –EJB, components, services Replication –Clustering, container, application Conclusions –Advantages.

Approaches to EJB Replication. Overview J2EE architecture –EJB, components, services Replication –Clustering, container, application Conclusions –Advantages.
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.

LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,

S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,
EJB Design. Server-side components Perform –complex algorithms –high volume transactions Run in –highly available environment (365 days/year) –fault tolerant.

EJB Design. Server-side components Perform –complex algorithms –high volume transactions Run in –highly available environment (365 days/year) –fault tolerant.
EJB Security CSCI 5931 Web Security Kartikeya Kakarala Young Ho Choung.

EJB Security CSCI 5931 Web Security Kartikeya Kakarala Young Ho Choung.
Java 2 Platform, Enterprise Edition (J2EE). Source: Computer, August 2000 J2EE and Other Java 2 Platform Editions.

Java 2 Platform, Enterprise Edition (J2EE). Source: Computer, August 2000 J2EE and Other Java 2 Platform Editions.
J2EE Security and Enterprise Java Beans Mrunal G. Dhond Department of Computing and Information Sciences Master of Science, Final Defense February 26,

J2EE Security and Enterprise Java Beans Mrunal G. Dhond Department of Computing and Information Sciences Master of Science, Final Defense February 26,
SEI/CBS Initiative Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Sponsored by the U.S. Department of Defense © 1999.

SEI/CBS Initiative Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by the U.S. Department of Defense © 1999.
Version # Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Sponsored by the U.S. Department of Defense © 1999 by Carnegie.

Version # Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by the U.S. Department of Defense © 1999 by Carnegie.
Understanding Active Directory

Understanding Active Directory
Java Pet Store Application. Outline Introduction Introduction Information Layer Information Layer Application Layer Application Layer Infrastructure Layer.

Java Pet Store Application. Outline Introduction Introduction Information Layer Information Layer Application Layer Application Layer Infrastructure Layer.
ADVANCED MICROSOFT ACTIVE DIRECTORY CONCEPTS

ADVANCED MICROSOFT ACTIVE DIRECTORY CONCEPTS
Chapter 5 Roles and features. objectives Performing management tasks using the Server Manager console Understanding the Windows Server 2008 roles Understanding.

Chapter 5 Roles and features. objectives Performing management tasks using the Server Manager console Understanding the Windows Server 2008 roles Understanding.
Electronic Proposal Development and Submission Module 3 Professional Profiles Research Suite Product Support m.

Electronic Proposal Development and Submission Module 3 Professional Profiles Research Suite Product Support m.
Digital Identity Management Strategy, Policies and Architecture Kent Percival 2005 06 23 A presentation to the Information Services Committee.

Digital Identity Management Strategy, Policies and Architecture Kent Percival A presentation to the Information Services Committee.
Chapter 10 EJB Concepts of EJB Three Components in Creating an EJB Starting/Stopping J2EE Server and Deployment Tool Installation and Configuration of.

Chapter 10 EJB Concepts of EJB Three Components in Creating an EJB Starting/Stopping J2EE Server and Deployment Tool Installation and Configuration of.

Similar presentations

Ads by Google