InfoCenter Home > 5.1.3.1: Securing applications and resourcesWebSphere supports the J2EE model for creating, assembling, securing, and deploying applications. This document provides a high-level description of what is involved in securing resources in a J2EE environment. Resources are secured by doing the following:
Applications are often created, assembled and deployed in different phases and by different teams. Application-component providersComponent providers create enterprise beans, servlets, JSP files, HTML files, and related components. These components are packaged into J2EE modules for containers that can support them. Enterprise-bean modules contain enterprise-bean class files and a deployment descriptor. These modules are packaged as standard JAR files, using the .jar extension. Web modules contain servlets, JSP pages, HTML pages, GIFs, and other, and also include a deployment descriptor. These modules are packaged as Web archive files, JAR files with a .war extension. Enterprise bean and Web modules can be assembled into enterprise-application modules. These modules are packaged as enterprise archive files, JAR files with a .ear extension.
The component provider specifies most of the configuration meta-information
for the components, including the security attributes, in the deployment
descriptors. These attributes identify roles, specify the methods that are
associated with the roles, the Application assemblersApplication assemblers combine J2EE modules, resolve references between them, and create from them a single deployment unit, typically a .ear file. A tool like AAT is also used to accomplish these tasks. Component providers and application assemblers can be the same people, but they do not have to be. DeployersDeployers links entities referred to in an enterprise application to the run-time environment. One of the important tasks the deployer performs is mapping actual users and groups to the application's roles. The deployer installs the enterprise application into the environment and makes the final adjustments needed to run the application. Most of the steps in creating J2EE applications involve deployment descriptors; the deployment descriptors play a central role in application security in a J2EE environment. |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|