JSR-000058 Java TM 2 Platform, Enterprise Edition 1.3 Specification

More documents

Recommendations

Info

SSL 3.0 1 and the means to perform mutual (client and server) certificate based authentication are required by this specification. All J2EE products must support the following cipher suites to ensure interoperable authentication with clients: ■ SSL_RSA_EXPORT_WITH_RC4_40_MD5 ■ SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA These cipher suites are supported by the major web browsers and meet the U.S. government export restrictions. Form Based Login The web application deployment descriptor contains an element that causes a J2EE product to associate an HTML form resource (perhaps dynamically generated) with the web application. If the Deployer chooses this form of authentication (over HTTP basic, or SSL certificate based authentication), this form must be used as the user interface for login to the application. The form based login mechanism and web application deployment descriptors are described in the Servlet 2.2 specification. 3.4.1.4 Unauthenticated Users Web containers are required to support access to web resources by clients that have not authenticated themselves to the container. This is the common mode of access to web resources on the Internet. A web container reports that no user has been authenticated by returning null from the HttpServletRequest method getUserPrincipal. The EJB specification requires that the EJBContext method getCallerPrincipal always return a valid Principal object. It can never return null. However, it’s important that components running in a web container be able to call enterprise beans, even when no user has been authenticated in the web container. When a call is made in such a case from a component in a web container to an enterprise bean, a J2EE product must provide a principal for use in the call. A J2EE product may provide a principal for use by unauthenticated callers using many approaches, including, but not limited to: ■ Always use a single distinguished principal. ■ Use a different distinguished principal per server, or per session, or per application. 1.The SSL 3.0 specification is available at: http://home.netscape.com/eng/ssl3 3-16 Java 2 Platform Enterprise Edition, v1.3 Proposed Final Draft (Sun Microsystems, Inc.)
■ Allow the deployer or system administrator to choose which principal to use. This specification does not specify how a J2EE product should choose a principal to represent unauthenticated users, although future versions of this specification may add requirements in this area. 3.4.2 Application Clients To satisfy the authentication and authorization constraints enforced by the enterprise bean containers and web containers, the application client container must authenticate the application user. The techniques used may vary based on the implementation of the application client container and are beyond the control of the application. The application client container may integrate with a J2EE product’s authentication system, to provide a single signon capability, or the container may authenticate the user when the application is started. The container may delay authentication until it is necessary to access a protected resource or enterprise bean. If the container needs to interact with the user to gather authentication data, the container must provide an appropriate user interface. In addition, an application client may provide a class that implements the javax.security.auth.callback.CallbackHandler interface and specify the class name in its deployment descriptor (see Section 9.7, “J2EE:applicationclient XML DTD” for details). The Deployer may override the callback handler specified by the application and require use of the container’s default authentication user interface instead. If use of a callback handler has been configured by the Deployer, the application client container must instantiate an object of this class and use it for all authentication interactions with the user. The application’s callback handler must support all the Callback objects specified in the javax.security.auth.callback package. Application clients execute in an environment controlled by a J2SE security manager and are subject to the security permissions defined in TABLE 6-2, "J2EE Security Permissions Set". Although this specification does not define the relationship between the operating system identity associated with a running application client and the authenticated user identity, a J2EE product’s ability to relate these identities is a fundamental aspect of single signon. Additional application client requirements are described in Chapter 9 of this specification. Chapter 3 Security 3-17
Page 1 and 2: Java 2 Platform Enterprise Edition
Page 3 and 4: RESTRICTED RIGHTS LEGEND. If this S
Page 5 and 6: Contents 1. Introduction 1-1 Acknow
Page 7 and 8: 3.5 Authorization Requirements 3-19
Page 9 and 10: 5.6.3 J2EE Product Provider’s Res
Page 11 and 12: 11.2 JNLP (Java Web Start) 11-2 11.
Page 13 and 14: CHAPTER 1 Introduction Enterprises
Page 15 and 16: CHAPTER 2 Platform Overview This ch
Page 17 and 18: Underlying the J2EE containers is t
Page 19 and 20: may use JavaIDL to act as clients o
Page 21 and 22: 2.2 Product Requirements This speci
Page 23 and 24: A J2EE Product Provider must provid
Page 25 and 26: 2.5 Platform Contracts 2.5.1 J2EE A
Page 27 and 28: CHAPTER 3 Security This chapter des
Page 29 and 30: Step 2: Initial Authentication The
Page 31 and 32: “not authorized” outcome is rea
Page 33 and 34: 3.3.3 Terminology This section intr
Page 35 and 36: These methods allow components to m
Page 37 and 38: The source of security attributes m
Page 39 and 40: Form Based Authentication The look
Page 41: 3.4 User Authentication Requirement
Page 45 and 46: The support for principal delegatio
Page 47 and 48: While most J2EE products will allow
Page 49 and 50: CHAPTER 4 Transaction Management Th
Page 51 and 52: 4.2 Requirements This section defin
Page 53 and 54: 4.2.2 Enterprise JavaBeans Componen
Page 55 and 56: JMS providers use the javax.transac
Page 57 and 58: J2EE application components may use
Page 59 and 60: CHAPTER 5 Naming This chapter descr
Page 61 and 62: 3. The Deployer uses the tools prov
Page 63 and 64: 5.2.1.2 Declaration of environment
Page 65 and 66: ■ Provide a deployment tool that
Page 67 and 68: 5.3.1.2 Declaration of EJB referenc
Page 69 and 70: This is a reference to the entity b
Page 71 and 72: special entries in the application
Page 73 and 74: 5.4.1.2 Declaration of resource man
Page 75 and 76: ■ Bind the resource manager conne
Page 77 and 78: 5.5.1.1 Resource environment refere
Page 79 and 80: ■ The Deployer must ensure that a
Page 81 and 82: 5.6.4 System Administrator’s Resp
Page 83 and 84: CHAPTER 6 Application Programming I
Page 85 and 86: 6.2 Java 2 Platform, Standard Editi
Page 87 and 88: Note that an operating system that
Page 89 and 90: 6.2.2.3 JDBC API The JDBC API allow
Page 91 and 92: ■ setBinaryStream(int parameterIn
Page 93 and 94:
6.2.2.5 RMI-JRMP 6.2.2.6 RMI-IIOP I
Page 95 and 96:
6.2.2.7 JNDI A J2EE product must ma
Page 97 and 98:
enterprise beans. All EJB container
Page 99 and 100:
typically not possible to create th
Page 101 and 102:
The JavaMail API uses the JavaBeans
Page 103 and 104:
6.12 J2EE Connector Architecture 1.
Page 105 and 106:
CHAPTER 7 Interoperability This cha
Page 107 and 108:
■ HTTP 1.0—This is the core pro
Page 109 and 110:
■ Class file format—The class f
Page 111 and 112:
CHAPTER 8 Application Assembly and
Page 113 and 114:
8.1 Application Development Life Cy
Page 115 and 116:
8.1.3 Application Assembly A J2EE a
Page 117 and 118:
. Synchronize security role-names a
Page 119 and 120:
8.3.1 Deploying a Stand-Alone J2EE
Page 121 and 122:
8.4 J2EE:application XML DTD This s
Page 123 and 124:
Chapter 8 Application Assem
Page 125 and 126:
Chapter 8 Application Asse
Page 127 and 128:
CHAPTER 9 Application Clients This
Page 129 and 130:
9.3 Transactions Application client
Page 131 and 132:
or the DOCTYPE declaration from a p
Page 133 and 134:
--> Chapter 9 Application Cli
Page 135 and 136:
The env-entry element contains the
Page 137 and 138:
com.wombat.empl.EmployeeService -->
Page 139 and 140:
The resource-env-ref-type element s
Page 141 and 142:
CHAPTER 10 Service Provider Interfa
Page 143 and 144:
CHAPTER 11 Future Directions This v
Page 145 and 146:
11.4 JDBC RowSets RowSets provide a
Page 147 and 148:
APPENDIX A Previous Version DTDs Th
Page 149 and 150:

Page 151 and 152:
Chapter A Previo
Page 153 and 154:
Chapter A Previous Version D
Page 155 and 156:
Chapter A Previous Version DTD
Page 157 and 158:
Chapter A Previous Version DTD
Page 159 and 160:
Chapter A Previous
Page 161 and 162:
APPENDIX A Revision History A.1 Cha
Page 163 and 164:
■ Clarified roles of JRMP and RMI
Page 165 and 166:
A.5 Changes in Proposed Final Draft
Page 167 and 168:
APPENDIX B Related Documents This s
Page 169 and 170:
The SSL Protocol, Version 3.0. Avai
show all

JSR-000058 Java TM 2 Platform, Enterprise Edition 1.3 Specification

Create successful ePaper yourself

Delete template?

Save as template?