1.4. Security for the J2EE Developer
Application level security falls in the hands of the J2EE Developer. Even this can be divided into three separate roles:
- Application Developer - responsible for security at the development level and for building the roles, rules and business logic into the application.
- Application Assembler - responsible for ensuring that EARs and WARs are packaged so that cross-application vulnerabilities are minimized.
- Application Deployer - responsible for securing the deployment of EARs and for assigning and maintaining access control lists.
It is not uncommon for all three roles to be played by the same set of developers.
JBoss EAP 6, as a component platform, provides declarative security. Rather than embedding security logic in a business component, you describe the security roles and permissions in a standard XML descriptor. This way, business-level code is isolated from the security code. Read more about declarative security in JBoss EAP 6 in Section 2.4, “About Declarative Security”.
Declarative security is bolstered by programmatic security. J2EE developers can use J2EE APIs in code to determine authorization and enforce enhanced security.
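The following is an added example, not taken from the JBoss EAP documentation, showing how the two layers combine: the descriptor restricts a URL to two roles, and the servlet adds a per-user ownership rule that a descriptor cannot express. The role names, URL pattern and class name are assumptions made for illustration, and the `login-config` and security domain mapping are omitted.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/*
 * Declarative layer, in WEB-INF/web.xml (hypothetical roles and URL pattern).
 * The container rejects any caller who is not in one of these roles before
 * the servlet code runs.
 *
 * <security-constraint>
 *   <web-resource-collection>
 *     <web-resource-name>Accounts</web-resource-name>
 *     <url-pattern>/accounts/*</url-pattern>
 *   </web-resource-collection>
 *   <auth-constraint>
 *     <role-name>customer</role-name>
 *     <role-name>auditor</role-name>
 *   </auth-constraint>
 * </security-constraint>
 * <security-role><role-name>customer</role-name></security-role>
 * <security-role><role-name>auditor</role-name></security-role>
 */
@WebServlet("/accounts/*")
public class AccountServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Programmatic layer: /accounts/<owner> is readable by any auditor,
        // but by a customer only when <owner> is the authenticated caller.
        String path = req.getPathInfo();
        String owner = (path == null || path.length() < 2) ? null : path.substring(1);
        Principal caller = req.getUserPrincipal();

        boolean allowed = caller != null && owner != null
                && (req.isUserInRole("auditor")
                    || (req.isUserInRole("customer") && caller.getName().equals(owner)));

        if (!allowed) {
            // Deny by default: missing principal, missing owner, or rule not met.
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("Account summary follows.");
    }
}
```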
