Enterprise Java Security Directions

Contents

  1. Enterprise Java Security Directions
  2. Trademarks
  3. Talk Outline
  4. Enterprise Java Beans
  5. Multi-Tier Model
  6. J2EE and EJB
  7. What is it?
  8. Services Provided By An EJB Container
  9. Simplified Definition**
  10. EJB Components
  11. Remote Method Invocation
  12. What is a Transaction Monitor?
  13. EJB Roles
  14. Development / Deployment Process
  15. Enterprise Bean Provider
  16. Example Automobile Bean
  17. Classes and Interfaces: Home interface
  18. Classes and Interfaces: Remote Interface
  19. Classes and Interfaces: Bean class
  20. FYI - EJB Flavors
  21. Classes and Interfaces: Primary key
  22. Example: Remote Interface Automobile Bean
  23. Example: Home Interface Automobile Bean
  24. Example: EJB Automobile Bean
  25. Example: EJB (continued) Automobile Bean
  26. EJB Security
  27. EJB Security
  28. Objectives
  29. 4 Perspectives of EJB Security
  30. Policy Based Authorization: Bean Provider
  31. Policy Based Authorization: Application Assembler
  32. Application Assembler*
  33. Application Assembler*
  34. Application Assembler: Security Roles
  35. Application Assembler: Defining Role Names
  36. Application Assembler: Method Permissions
  37. Application Assembler: Method Permissions
  38. Application Assembler: Method Permissions
  39. Policy Based Authorization: Deployer
  40. Policy Based Authorization: Deployer
  41. Policy Based Authorization: Deployer
  42. Policy Based Authorization: EJB Container Provider
  43. Policy Based Authorization: System Administrator
  44. 4 Perspectives of EJB Security
  45. Application Security APIs: Bean Provider
  46. Application Security APIs: Bean Provider
  47. Deployment Descriptor: Security-Role-Ref
  48. isCallerInRole example
  49. Deployment Descriptor: Security-Role-Ref
  50. Application Security APIs: Application Assembler
  51. Deployment Descriptor: Defining Role Names
  52. Deployment Descriptor: Method Permissions
  53. Deployment Descriptor: Role-Ref / Role Linking
  54. 4 Perspectives of EJB Security
  55. Delegation: Bean Provider
  56. Delegation: Deployer
  57. Delegation: EJB Container Provider
  58. EJB Client
  59. 4 Perspectives of EJB Security
  60. Architecture / Implementation
  61. Bean Provider: Programming Restrictions
  62. Bean Provider: Programming Restrictions - Java 2
  63. Deployer
  64. EJB Container Provider
  65. EJB Container Provider
  66. System Administrator
  67. Java Authentication and Authorization Services (JAAS)
  68. What is JAAS?
  69. Key elements:
  70. Java 2 Standard Edition Security: Review
  71. CodeSource
  72. Policy
  73. Sample Java 2 Policy
  74. ProtectionDomain
  75. Classes, ProtectionDomains & Permissions
  76. Example Guard on Protected Resource
  77. The GetProperty Example
  78. Threads of Execution in Java
  79. Check of Current Thread
  80. Determining the Permission Set of a Thread
  81. Authorization - Permissions
  82. Authorization - Permissions
  83. Authorization - Permissions
  84. Lexical Scoping of Privilege Modification
  85. Why Privileged Code?
  86. The Privileged Code Mechanism
  87. Example Privileged Code
  88. Example - Anonymous Inner Class
  89. AccessController Algorithm - Stage 1 Build AccessControlContext
  90. AccessController Algorithm - Stage 2
  91. JAAS / J2SE Authorization Relationship
  92. Sample JAAS Policy
  93. Sample JAAS Policy - Roles
  94. Example doAs()
  95. Subject.doAs() Effect
  96. Example scenario
  97. Augmented with doAs()
  98. Another doAs() scenario
  99. Another doAs() scenario (cont'd)
  100. Summary
  101. Example: EJB Authorization Using JAAS
  102. EJBRole
  103. EJBMethodPermission
  104. EJBPrivilegedAction
  105. EJBPrivilegedAction
  106. Build an EJB Subject
  107. EJB Method Authorization and Invocation
  108. Server Managed Security Policy
  109. Security Policy - Reference
  110. Security Policy - Configuration
  111. Security Policy - Policy class
  112. Security Policy - Keystore
  113. Summary
  114. Resources