Configuring Security
Security is about protecting data: how to prevent unauthorized access or damage to it in storage
or transit. The Enterprise Server has a dynamic, extensible security architecture based on the
Java EE standard. Built-in security features include cryptography, authentication and
authorization, and public key infrastructure. The Enterprise Server is built on the Java security
model, which uses a sandbox where applications can run safely, without potential risk to
systems or users. The following topics are discussed:
■ “Understanding Application and System Security”
■ “Tools for Managing Security”
■ “Managing Security of Passwords”
■ “About Authentication and Authorization”
■ “Understanding Users, Groups, Roles, and Realms”
■ “Introduction to Certificates and SSL”
■ “About Firewalls”
■ “About Certificate Files”
■ “Using Java Secure Socket Extension (JSSE) Tools”
■ “Using Network Security Services (NSS) Tools”
■ “Using Hardware Crypto Accelerator With Enterprise Server”
Understanding Application and System Security
Broadly, there are two kinds of application security:
■ In programmatic security, application code written by the developer handles security chores.
As an administrator, you don't have any control over this mechanism. Generally,
programmatic security is discouraged since it hard-codes security configurations in the
application instead of managing them through the Java EE containers.
CHAPTER 9