EJB Security Framework

Source: Internet
Author: User

J2EE is responsible only for specifications, and security is naturally no exception. The J2EE security specifications therefore bring in many terms, such as JCA, JCE, JAAS, and JSSE. Under J2EE, Sun implements the main framework, including the core security architecture of Java and the common encryption, authentication, and authorization algorithms and interfaces. Third parties can use this framework and extend the security architecture, provided that they follow the specifications set by Sun.

The specifications come from a set of ideas, and the J2EE security specifications have their own. In this model, J2EE defines a number of roles and the relationships between them and, most importantly, the responsibilities of each role. The roles are component producers, application assemblers, deployers, component container producers, and application server system administrators. The model assumes that each performs its own duties. Another important aspect is that a component user calls a component indirectly through the container, and there are two kinds of such calls: a component user calling a component, and a component calling another component. This call process also needs restrictions (not mandatory). In addition, the roles and subjects mentioned in the J2EE security system are logical and related to the business, and often do not correspond to the security roles and subjects in the OS; the system administrator is responsible for mapping them. Reality often differs from the design, but it does not deviate far from it, and the overall idea does not change much.

In this system, the component producer is responsible for determining, in code, who can access the specified resources, either by hard coding or through deployment information (the latter is recommended). The security subjects or roles the producer specifies are usually related to the business. The application assembler is responsible for defining who can access a component and each method of the component, and may also need to define the mapping between logical (business) roles and physical (system) roles. The deployer must define the security domain or security technology domain to which the physical (system) roles belong; simply put, the deployer defines what these physical (system) roles mean across the entire domain. Component container producers do more, since they earn the most: they need to provide security-related deployment tools and system management tools for the whole J2EE system, as well as subject authentication, secure communication, audit, and other functions. Finally there is the system administrator, who basically manages the application server: creating accounts based on the information provided by the deployer, defining the roles of those accounts, and reviewing the security information. All in all, the responsibilities of each role must be clear throughout the system.
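The division of work between the component producer and the application assembler can be seen in an EJB 2.x `ejb-jar.xml` deployment descriptor. The following is an added example, not part of the original article; the bean, class, method and role names (`OrderBean`, `com.example.*`, `approve`, `getStatus`, `approver`, `order-manager`, `auditor`) are hypothetical.

```xml
<!-- Constructed example; all bean, class, method and role names are hypothetical. -->
<ejb-jar xmlns="http://java.sun.com/xml/ns/j2ee" version="2.1">
  <enterprise-beans>
    <session>
      <ejb-name>OrderBean</ejb-name>
      <home>com.example.OrderHome</home>
      <remote>com.example.Order</remote>
      <ejb-class>com.example.OrderBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
      <!-- Component producer: declares the role name that the bean code
           tests with isCallerInRole("approver"). -->
      <security-role-ref>
        <role-name>approver</role-name>
        <!-- Application assembler: links the coded name to a logical role. -->
        <role-link>order-manager</role-link>
      </security-role-ref>
      <!-- Component-to-component calls: the identity this bean uses
           when it calls other components. -->
      <security-identity>
        <run-as><role-name>auditor</role-name></run-as>
      </security-identity>
    </session>
  </enterprise-beans>
  <assembly-descriptor>
    <!-- Application assembler: logical (business) roles of the application. -->
    <security-role><role-name>order-manager</role-name></security-role>
    <security-role><role-name>auditor</role-name></security-role>
    <!-- Only callers in order-manager may invoke approve(). -->
    <method-permission>
      <role-name>order-manager</role-name>
      <method>
        <ejb-name>OrderBean</ejb-name>
        <method-name>approve</method-name>
      </method>
    </method-permission>
    <!-- getStatus() is callable without an authorization check. -->
    <method-permission>
      <unchecked/>
      <method>
        <ejb-name>OrderBean</ejb-name>
        <method-name>getStatus</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
```

The mapping from these logical roles to physical (system) accounts and groups is done by the deployer and system administrator in a container-specific descriptor or console, which is not shown here.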
