security10.html

j2eePDF格式的电子书

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
    <meta http-equiv="Content-Style-Type" content="text/css" />
    <title>EIS-Tier Security</title>
    <link rel="StyleSheet" href="document.css" type="text/css" media="all" />
    <link rel="StyleSheet" href="catalog.css" type="text/css" media="all" />
    <link rel="Table of Contents" href="J2EETutorialTOC.html" />
    <link rel="Previous" href="Security9.html" />
    <link rel="Next" href="Security11.html" />
    <link rel="Index" href="J2EETutorialIX.html" />
  </head>

  <body>

    <table width="550" summary="layout" id="SummaryNotReq1">
      <tr>
	<td align="left" valign="center">
	<font size="-1">
	<a href="http://java.sun.com/j2ee/1.4/download.html#tutorial" target="_blank">Download</a>
	<br>
	<a href="http://java.sun.com/j2ee/1.4/docs/tutorial/information/faq.html" target="_blank">FAQ</a>
	<br>
	<a href="http://java.sun.com/j2ee/1.4/docs/tutorial/information/history.html" target="_blank">History</a>
	</td>
        <td align="center" valign="center">
<a accesskey="p" href="Security9.html"><img id="LongDescNotReq1" src="images/PrevArrow.gif" width="26" height="26" border="0" alt="Prev" /></a><a accesskey="c" href="J2EETutorialFront.html"><img id="LongDescNotReq1" src="images/UpArrow.gif" width="26" height="26" border="0" alt="Home" /></a><a accesskey="n" href="Security11.html"><img id="LongDescNotReq3" src="images/NextArrow.gif" width="26" height="26" border="0" alt="Next" /></a><a accesskey="i" href="J2EETutorialIX.html"></a>
        </td>
	<td align="right" valign="center">
	<font size="-1">
	<a href="http://java.sun.com/j2ee/1.4/docs/api/index.html" target="_blank">API</a>
	<br>
	<a href="http://java.sun.com/j2ee/1.4/docs/tutorial/information/search.html" target="_blank">Search</a>
	<br>
	<a href="http://java.sun.com/j2ee/1.4/docs/tutorial/information/sendusmail.html" target="_blank">Feedback</a></font>
	</font>
	</td>
      </tr>
    </table>

    <img src="images/blueline.gif" width="550" height="8" ALIGN="BOTTOM" NATURALSIZEFLAG="3" ALT="Divider">

    <blockquote>
<a name="wp299536"> </a><h2 class="pHeading1">
EIS-Tier Security
</h2>
<a name="wp299538"> </a><p class="pBody">
In the EIS tier, an application component requests a connection to an EIS resource. As part of this connection, the EIS may require a sign-on to the resource. The application component provider has two choices for the design of the EIS sign-on:
</p>
<div class="pSmartList1"><ul class="pSmartList1">
<a name="wp299540"> </a><div class="pSmartList1"><li>With the container-managed sign-on approach, the application component lets the container take the responsibility of configuring and managing the EIS sign-on. The container determines the user name and password for establishing a connection to an EIS instance.</li></div>
<a name="wp299541"> </a><div class="pSmartList1"><li>With the component-managed sign-on approach, the application component code manages EIS sign-on by including code that performs the sign-on process to an EIS.</li></div>
</ul></div>
<a name="wp299542"> </a><h3 class="pHeading2">
Container-Managed Sign-On
</h3>
<a name="wp299544"> </a><p class="pBody">
With container-managed sign-on, an application component does not have to pass any security information for signing on to the resource to the <code class="cCode">getConnection()</code> method. The security information is supplied by the container, as shown in the following example.
</p>
<div class="pPreformattedRelative"><pre class="pPreformattedRelative">
// Business method in an application component
Context initctx = new InitialContext();<a name="wp299545"> </a>
// Perform JNDI lookup to obtain a connection factory
javax.resource.cci.ConnectionFactory cxf =
     (javax.resource.cci.ConnectionFactory)initctx.lookup(
      &quot;java:comp/env/eis/MainframeCxFactory&quot;);<a name="wp299546"> </a>
// Invoke factory to obtain a connection. The security
// information is not passed in the getConnection method
javax.resource.cci.Connection cx = cxf.getConnection();
...<a name="wp299547"> </a>
</pre></div>
<a name="wp299548"> </a><h3 class="pHeading2">
Component-Managed Sign-On
</h3>
<a name="wp299550"> </a><p class="pBody">
With component-managed sign-on, an application component is responsible for passing the security information that is needed for signing on to the resource to the <code class="cCode">getConnection()</code> method. Security information could be a user name and password, for example, as shown here:
</p>
<div class="pPreformattedRelative"><pre class="pPreformattedRelative">
// Method in an application component
Context initctx = new InitialContext();<a name="wp299551"> </a>
// Perform JNDI lookup to obtain a connection factory
javax.resource.cci.ConnectionFactory cxf =
     (javax.resource.cci.ConnectionFactory)initctx.lookup(
       &quot;java:comp/env/eis/MainframeCxFactory&quot;);<a name="wp299552"> </a>
// Get a new ConnectionSpec
com.myeis.ConnectionSpecImpl properties = //..<a name="wp299553"> </a>
// Invoke factory to obtain a connection
properties.setUserName(&quot;...&quot;);
properties.setPassword(&quot;...&quot;);
javax.resource.cci.Connection cx = 
  cxf.getConnection(properties);
...<a name="wp299554"> </a>
</pre></div>
<a name="wp299555"> </a><h3 class="pHeading2">
Configuring Resource Adapter Security
</h3>
<a name="wp439919"> </a><p class="pBody">
In addition to configuring the sign-on, you can also configure the following security settings for the resource adapter: 
</p>
<div class="pSmartList1"><ul class="pSmartList1">
<a name="wp439920"> </a><div class="pSmartList1"><li>Authentication mechanism(s)</li></div>
<a name="wp439921"> </a><div class="pSmartList1"><li>Reauthentication support</li></div>
<a name="wp439922"> </a><div class="pSmartList1"><li>Security permissions</li></div>
</ul></div>
<a name="wp439923"> </a><p class="pBody">
To configure these settings using <code class="cCode">deploytool</code>:
</p>
<div class="pSmartList1"><ol type="1" class="pSmartList1">
<a name="wp439924"> </a><div class="pSmartList1"><li>Select the resource adapter file.</li></div>
<a name="wp439925"> </a><div class="pSmartList1"><li>Select the Security tabbed pane.</li></div>
<a name="wp439926"> </a><div class="pSmartList1"><li>In the Authentication Mechanisms pane, specify the authentication mechanism(s) that are supported by this resource adapter:</li></div>
<div class="pSmartList2"><ul class="pSmartList2">
<a name="wp439927"> </a><div class="pSmartList2"><li>Select Password to require a username and password to connect to an EIS</li></div>
<a name="wp439928"> </a><div class="pSmartList2"><li>Select Kerberos Version 5.0 to require the resource adapter to support the Kerberos authentication mechanism.</li></div>
<a name="wp439929"> </a><p class="pBodyRelative">
You can select more than one mechanism or no mechanism. If you do not select one, no standard security authentication is supported as part of the security contract.
</p>
</ul></div>
<a name="wp439930"> </a><div class="pSmartList1"><li>Select Reauthentication Supported if the resource adapter implementation supports performing reauthentication on an existing physical connection. Reauthentication is performed when an application server calls the getConnection method with a security context that is different than the one used to establish the connection. This information is for the resource adapter implementation and not for the underlying EIS instance.</li></div>
<a name="wp439931"> </a><div class="pSmartList1"><li>In the Security Permissions pane, click Add to enter a security permission that the resource adapter needs to access system resources in the operational environment. You need to specify only those permissions that are not included in the default set (see section 11.2 of the Connector specification). For example, to allow the resource to look up the name of any remote host, add the following security permission:</li></div>
<a name="wp439932"> </a><p class="pBodyRelative">
<code class="cCode"> permission java.net.SocketPermission *, &quot;resolve&quot;;</code>
</p>
<a name="wp439933"> </a><p class="pBodyRelative">
For each security permission you add, click the column to the far right labelled with a folded paper to enter a description for the permission. To delete a security permission, select the permission in the table and click Delete.
</p>
</ol></div>
    </blockquote>

   <img src="images/blueline.gif" width="550" height="8" ALIGN="BOTTOM" NATURALSIZEFLAG="3" ALT="Divider">


    <table width="550" summary="layout" id="SummaryNotReq1">
      <tr>
	<td align="left" valign="center">
	<font size="-1">
	<a href="http://java.sun.com/j2ee/1.4/download.html#tutorial" target="_blank">Download</a>
	<br>
	<a href="http://java.sun.com/j2ee/1.4/docs/tutorial/information/faq.html" target="_blank">FAQ</a>
	<br>
	<a href="http://java.sun.com/j2ee/1.4/docs/tutorial/information/history.html" target="_blank">History</a>
	</td>
        <td align="center" valign="center">
<a accesskey="p" href="Security9.html"><img id="LongDescNotReq1" src="images/PrevArrow.gif" width="26" height="26" border="0" alt="Prev" /></a><a accesskey="c" href="J2EETutorialFront.html"><img id="LongDescNotReq1" src="images/UpArrow.gif" width="26" height="26" border="0" alt="Home" /></a><a accesskey="n" href="Security11.html"><img id="LongDescNotReq3" src="images/NextArrow.gif" width="26" height="26" border="0" alt="Next" /></a><a accesskey="i" href="J2EETutorialIX.html"></a>
        </td>
	<td align="right" valign="center">
	<font size="-1">
	<a href="http://java.sun.com/j2ee/1.4/docs/api/index.html" target="_blank">API</a>
	<br>
	<a href="http://java.sun.com/j2ee/1.4/docs/tutorial/information/search.html" target="_blank">Search</a>
	<br>
	<a href="http://java.sun.com/j2ee/1.4/docs/tutorial/information/sendusmail.html" target="_blank">Feedback</a></font>
	</font>
	</td>
      </tr>
    </table>

    <img src="images/blueline.gif" width="550" height="8" ALIGN="BOTTOM" NATURALSIZEFLAG="3" ALT="Divider">

<p><font size="-1">All of the material in <em>The J2EE(TM) 1.4 Tutorial</em> is 
<a href="J2EETutorialFront2.html">copyright</a>-protected and may not be published in other works
without express written permission from Sun Microsystems.</font>

  </body>
</html>