Sun Microsystems 820433510 Server User Manual


 
Assign a security role to users in the realm.
To assign a security role to a user, add a security-role-mapping element to the deployment
descriptor that you modified in Step 4.
The following example shows a security-role-mapping element that assigns the security role
Employee to user Calvin.
<security-role-mapping>
    <role-name>Employee</role-name>
    <principal-name>Calvin</principal-name>
</security-role-mapping>
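An added example, not part of the manual: a Python check that lists which principals and groups each security-role-mapping grants a role to, and flags roles declared in web.xml that have no mapping as well as mappings for roles that were never declared. Both descriptors are constructed samples; the file roles, the Manager and Auditor roles and the staff group are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors (assumed web.xml and Sun descriptor contents).
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-role><role-name>Employee</role-name></security-role>
  <security-role><role-name>Manager</role-name></security-role>
</web-app>"""

SUN_WEB_XML = """<sun-web-app>
  <security-role-mapping>
    <role-name>Employee</role-name>
    <principal-name>Calvin</principal-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>Auditor</role-name>
    <group-name>staff</group-name>
  </security-role-mapping>
</sun-web-app>"""

def local(tag):
    # Strip any XML namespace so both descriptor styles are handled alike.
    return tag.rsplit("}", 1)[-1]

def declared_roles(web_xml):
    roles = (e for e in ET.fromstring(web_xml).iter() if local(e.tag) == "security-role")
    return {(c.text or "").strip() for e in roles for c in e if local(c.tag) == "role-name"}

def role_mappings(sun_xml):
    # Returns {role: {"principals": [...], "groups": [...]}}.
    mappings = {}
    for el in ET.fromstring(sun_xml).iter():
        if local(el.tag) != "security-role-mapping":
            continue
        fields = [(local(c.tag), (c.text or "").strip()) for c in el]
        role = next((v for t, v in fields if t == "role-name"), "")
        entry = mappings.setdefault(role, {"principals": [], "groups": []})
        entry["principals"] += [v for t, v in fields if t == "principal-name"]
        entry["groups"] += [v for t, v in fields if t == "group-name"]
    return mappings

def audit(web_xml, sun_xml):
    declared, mapped = declared_roles(web_xml), role_mappings(sun_xml)
    return {
        "mappings": mapped,
        "unmapped_roles": sorted(declared - set(mapped)),    # declared, nobody holds it
        "undeclared_roles": sorted(set(mapped) - declared),  # mapped, never declared
    }
```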
Introduction to Certicates and SSL
The following topics are discussed in this section:
“About Digital Certicates” on page 108
“About Secure Sockets Layer” on page 109
About Digital Certicates
Digital certicates (or simply certicates) are electronic les that uniquely identify people and
resources on the Internet. Certicates also enable secure, condential communication between
two entities.
There are dierent kinds of certicates, such as personal certicates, used by individuals, and
server certicates, used to establish secure sessions between the server and clients through
secure sockets layer (SSL) technology. For more information on SSL, see
“About Secure Sockets
Layer” on page 109
.
Certicates are based on public key cryptography, which uses pairs of digital keys (very long
numbers) to encrypt, or encode, information so it can be read only by its intended recipient. The
recipient then decrypts (decodes) the information to read it.
A key pair contains a public key and a private key. The owner distributes the public key and
makes it available to anyone. But the owner never distributes the private key; it is always kept
secret. Because the keys are mathematically related, data encrypted with one key can be
decrypted only with the other key in the pair.
A certicate is like a passport: it identies the holder and provides other important information.
Certicates are issued by a trusted third party called a Certication Authority (CA). The CA is
analogous to passport oce: it validates the certicate holder's identity and signs the certicate
so that it cannot be forged or tampered with. Once a CA has signed a certicate, the holder can
present it as proof of identity and to establish encrypted, condential communications.
Sun GlassFish Enterprise Server 2.1 Administration Guide • December 2008, page 108