Customized EJB security in JBoss
The current EJB (Enterprise JavaBeans) specification supports basic declarative, role-based access-control mechanisms, but provides limited support for coding application-specific security checks. Moreover, it doesn't define any way to factor out access-control code from business logic, or to integrate external authorization services. The open source, J2EE-compliant (Java 2 Platform, Enterprise Edition) JBoss application server features a protection-proxy security architecture that will help you overcome these restrictions.
Integrate security infrastructures with JBossSX
The current Enterprise JavaBean and Servlet specifications omit integration between the application server and existing security infrastructures. This article describes how version 2.4 of the open source JBoss application server security extension project (JBossSX) uses Java Authentication and Authorization Service (JAAS) login modules as its integration API. JAAS allows integration without programming for security infrastructures that use Java Database Connectivity, the Lightweight Directory Access Protocol (LDAP), or the properties-based login modules bundled with JBoss. For security infrastructures that do not support those access mechanisms, integration entails writing a simple custom login module.
Using LDAP to Secure J2EE Applications
An increasing number of systems now use LDAP-based directory services in order to provide an integrated authentication and authorization-based security mechanism for enterprise applications. It would be a great convenience to the application developer to be able to create a testing environment from within IBM WebSphere Studio Application Developer (Application Developer) to test authentication and authorization using an LDAP registry.