Securing the Application Server
This tutorial describes deployment to the Sun Java System Application Server, which provides highly secure, interoperable, and distributed component computing based on the Java EE security model. The Application Server supports the Java EE 5 security model. You can configure the Application Server for the following purposes:
- Adding, deleting, or modifying authorized users. For more information on this topic, read Working with Realms, Users, Groups, and Roles.
- Configuring secure HTTP and IIOP listeners.
- Configuring secure JMX connectors.
- Adding, deleting, or modifying existing or custom realms.
- Defining an interface for pluggable authorization providers using Java Authorization Contract for Containers (JACC).
Java Authorization Contract for Containers (JACC) defines security contracts between the Application Server and authorization policy modules. These contracts specify how the authorization providers are installed, configured, and used in access decisions.
- Using pluggable audit modules.
- Setting and changing policy permissions for an application.
The following features are specific to the Application Server:
Note: To make changes to the Application Server, use the Admin Console, never edit the Application Server's deployment descriptors.
For more information about the Application Server in this tutorial, read Sun Java System Application Server Platform Edition 9 (page 26).
For more information about configuring the Application Server, read the Application Server's Developer's Guide and Administration Guide. Links to both of these documents are provided in Further Information.
All of the material in The Java™ EE 5 Tutorial is copyright-protected and may not be published in other works without express written permission from Sun Microsystems.