security11.html

j2eePDF格式的电子书

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
    <meta http-equiv="Content-Style-Type" content="text/css" />
    <title>Propagating Security Identity</title>
    <link rel="StyleSheet" href="document.css" type="text/css" media="all" />
    <link rel="StyleSheet" href="catalog.css" type="text/css" media="all" />
    <link rel="Table of Contents" href="J2EETutorialTOC.html" />
    <link rel="Previous" href="Security10.html" />
    <link rel="Next" href="Security12.html" />
    <link rel="Index" href="J2EETutorialIX.html" />
  </head>

  <body>

    <table width="550" summary="layout" id="SummaryNotReq1">
      <tr>
	<td align="left" valign="center">
	<font size="-1">
	<a href="http://java.sun.com/j2ee/1.4/download.html#tutorial" target="_blank">Download</a>
	<br>
	<a href="http://java.sun.com/j2ee/1.4/docs/tutorial/information/faq.html" target="_blank">FAQ</a>
	<br>
	<a href="http://java.sun.com/j2ee/1.4/docs/tutorial/information/history.html" target="_blank">History</a>
	</td>
        <td align="center" valign="center">
<a accesskey="p" href="Security10.html"><img id="LongDescNotReq1" src="images/PrevArrow.gif" width="26" height="26" border="0" alt="Prev" /></a><a accesskey="c" href="J2EETutorialFront.html"><img id="LongDescNotReq1" src="images/UpArrow.gif" width="26" height="26" border="0" alt="Home" /></a><a accesskey="n" href="Security12.html"><img id="LongDescNotReq3" src="images/NextArrow.gif" width="26" height="26" border="0" alt="Next" /></a><a accesskey="i" href="J2EETutorialIX.html"></a>
        </td>
	<td align="right" valign="center">
	<font size="-1">
	<a href="http://java.sun.com/j2ee/1.4/docs/api/index.html" target="_blank">API</a>
	<br>
	<a href="http://java.sun.com/j2ee/1.4/docs/tutorial/information/search.html" target="_blank">Search</a>
	<br>
	<a href="http://java.sun.com/j2ee/1.4/docs/tutorial/information/sendusmail.html" target="_blank">Feedback</a></font>
	</font>
	</td>
      </tr>
    </table>

    <img src="images/blueline.gif" width="550" height="8" ALIGN="BOTTOM" NATURALSIZEFLAG="3" ALT="Divider">

    <blockquote>
<a name="wp299585"> </a><h2 class="pHeading1">
Propagating Security Identity
</h2>
<a name="wp299587"> </a><p class="pBody">
When you deploy an enterprise bean or Web component, you can specify the security identity that will be propagated (illustrated in <a  href="Security11.html#wp299603">Figure 27-1</a>) to enterprise beans invoked from within that component.
</p>
<a name="wp299601"> </a><p class="pBody">
</p><div align="left"><img src="images/Fig33a.gif" height="164" width="382" alt="Security Identity Propagation" border="0" hspace="0" vspace="0"/>
</div><p class="pBody">
</p>

<p>
  <a name="299603"> </a><strong><font >Figure 27-1   Security Identity Propagation</font></strong>
</p>

<a name="wp299604"> </a><p class="pBody">
You can choose one of the following propagation styles:
</p>
<div class="pSmartList1"><ul class="pSmartList1">
<a name="wp299606"> </a><div class="pSmartList1"><li>The caller identity of the intermediate component is propagated to the target enterprise bean. This technique is used when the target container trusts the intermediate container.</li></div>
<a name="wp299608"> </a><div class="pSmartList1"><li>A specific identity is propagated to the target enterprise bean. This technique is used when the target container expects access via a specific identity.</li></div>
</ul></div>
<a name="wp299610"> </a><h3 class="pHeading2">
Configuring a Component's Propagated Security Identity
</h3>
<a name="wp434886"> </a><p class="pBody">
To configure an enterprise bean's propagated security identity:
</p>
<div class="pSmartList1"><ol type="1" class="pSmartList1">
<a name="wp299612"> </a><div class="pSmartList1"><li>Select the enterprise bean to configure.</li></div>
<a name="wp299613"> </a><div class="pSmartList1"><li>In the Security Identity panel of the Security pane, select the security identity that will be propagated to the beans that this enterprise bean calls:</li></div>
<div class="pSmartList2"><ul class="pSmartList2">
<a name="wp299614"> </a><div class="pSmartList2"><li>If you want the principal of this enterprise bean's caller to be propagated to other beans that it calls, choose Use Caller ID.</li></div>
<a name="wp299615"> </a><div class="pSmartList2"><li>If you want a security identity other than the caller's identity propagated to other beans, choose Run as Role, select the role from the menu, then select the User in Role from the available users in the selected role.</li></div>
</ul></div>
<a name="wp430198"> </a><div class="pSmartList1"><li>If the role that you want to use as the security identity is not in the list, click Edit Roles and add the role.</li></div>
</ol></div>
<a name="wp434890"> </a><p class="pBody">
To configure a Web component's propagated security identity:
</p>
<div class="pSmartList1"><ol type="1" class="pSmartList1">
<a name="wp430201"> </a><div class="pSmartList1"><li>Select the Web component to configure.</li></div>
<a name="wp299620"> </a><div class="pSmartList1"><li>In the Security Identity panel of the Security pane, select Use Caller ID if the caller ID is to be propagated to methods of other components called from this Web component. Otherwise, select Run as Role, and select a role from the list of known roles in the WAR file.</li></div>
<a name="wp299621"> </a><div class="pSmartList1"><li>If the role that you want to use as the security identity is not in the list, click Edit Roles and add it.</li></div>
</ol></div>
<a name="wp299626"> </a><h3 class="pHeading2">
Configuring Client Authentication
</h3>
<a name="wp299627"> </a><p class="pBody">
If an application component in an application client container accesses a protected method on a bean, use client authentication. 
</p>
<a name="wp299636"> </a><h4 class="pHeading3">
Trust between Containers
</h4>
<a name="wp299637"> </a><p class="pBody">
When an enterprise bean is designed so that either the original caller identity or a designated identity is used to call a target bean, the target bean will receive the propagated identity only; it will <span style="font-style: italic">not</span> receive any authentication data. 
</p>
<a name="wp299638"> </a><p class="pBody">
There is no way for the target container to authenticate the propagated security identity. However, since the security identity is used in authorization checks (for example, method permissions or with the <code class="cCode">isCallerInRole()</code> method), it is vitally important that the security identity be authentic. Since there is no authentication data available to authenticate the propagated identity, the target must trust that the calling container has propagated an authenticated security identity. 
</p>
<a name="wp299639"> </a><p class="pBody">
By default, the J2EE 1.4 Application Server is configured to trust identities that are propagated from different containers. Therefore, there are no special steps that you need to take to set up a trust relationship.
</p>
    </blockquote>

   <img src="images/blueline.gif" width="550" height="8" ALIGN="BOTTOM" NATURALSIZEFLAG="3" ALT="Divider">


    <table width="550" summary="layout" id="SummaryNotReq1">
      <tr>
	<td align="left" valign="center">
	<font size="-1">
	<a href="http://java.sun.com/j2ee/1.4/download.html#tutorial" target="_blank">Download</a>
	<br>
	<a href="http://java.sun.com/j2ee/1.4/docs/tutorial/information/faq.html" target="_blank">FAQ</a>
	<br>
	<a href="http://java.sun.com/j2ee/1.4/docs/tutorial/information/history.html" target="_blank">History</a>
	</td>
        <td align="center" valign="center">
<a accesskey="p" href="Security10.html"><img id="LongDescNotReq1" src="images/PrevArrow.gif" width="26" height="26" border="0" alt="Prev" /></a><a accesskey="c" href="J2EETutorialFront.html"><img id="LongDescNotReq1" src="images/UpArrow.gif" width="26" height="26" border="0" alt="Home" /></a><a accesskey="n" href="Security12.html"><img id="LongDescNotReq3" src="images/NextArrow.gif" width="26" height="26" border="0" alt="Next" /></a><a accesskey="i" href="J2EETutorialIX.html"></a>
        </td>
	<td align="right" valign="center">
	<font size="-1">
	<a href="http://java.sun.com/j2ee/1.4/docs/api/index.html" target="_blank">API</a>
	<br>
	<a href="http://java.sun.com/j2ee/1.4/docs/tutorial/information/search.html" target="_blank">Search</a>
	<br>
	<a href="http://java.sun.com/j2ee/1.4/docs/tutorial/information/sendusmail.html" target="_blank">Feedback</a></font>
	</font>
	</td>
      </tr>
    </table>

    <img src="images/blueline.gif" width="550" height="8" ALIGN="BOTTOM" NATURALSIZEFLAG="3" ALT="Divider">

<p><font size="-1">All of the material in <em>The J2EE(TM) 1.4 Tutorial</em> is 
<a href="J2EETutorialFront2.html">copyright</a>-protected and may not be published in other works
without express written permission from Sun Microsystems.</font>

  </body>
</html>