EJB Security Overview
As with any distributed object used in security-critical enterprise applications, EJBs must be secured. However, EJB components operate inside a container environment and rely on the container to provide distributed connectivity to an EJB, to create and destroy EJB instances, to passivate and activate EJB instances, to invoke business methods on EJBs, and in general to manage the life cycle of an EJB. Because so much control is relinquished to the EJB container/server environment, securing an EJB also relies heavily on the support that the container environment provides. EJB security mechanisms fall into three groups: standard mechanisms required by the J2EE and EJB specifications, mechanisms that are specific to the EJB container/server vendor, and mechanisms that are hand-coded by the EJB developer.
Figure 1 illustrates the basic architecture required for securing EJBs. The standard security mechanisms defined for EJBs are currently focused on providing a minimal set of constructs for role-based access control on EJB methods. The role-based permissions that govern access to EJB methods can be queried programmatically by EJB components through a few methods on the EJB container context (the EJBContext interface exposed by the EJB API). Standard EJB method access-control rules can also be defined declaratively with a set of standard XML elements in the standard EJB deployment descriptor. Finally, because the specifications say nothing about how roles correspond to real users and groups, a few vendor-specific access-control features are needed to map the security roles declared in the standard deployment descriptor onto the principal identities managed by the operational environment.
Figure 1 EJB security architecture.
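The following session bean shows the programmatic side of the architecture above: it obtains the caller's identity and role membership from the container through the EJB context and uses them to enforce a rule that the declarative method permissions in the deployment descriptor cannot express by themselves. It is an added example written for this page, not code from the original text or from any particular EJB product; the bean name, the "manager" role, the transfer limit, the AccessDeniedException class and the business logic are all hypothetical.

```java
import java.security.Principal;
import javax.ejb.EJBException;
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;

/**
 * Hypothetical application exception for a denied programmatic check.
 * It is a checked exception on purpose: EJB containers treat checked
 * exceptions as application exceptions (reported to the client as-is,
 * no forced rollback, bean instance kept), whereas an unchecked exception
 * such as SecurityException is treated as a system exception (instance
 * discarded, transaction rolled back, wrapped in RemoteException).
 */
class AccessDeniedException extends Exception {
    AccessDeniedException(String message) {
        super(message);
    }
}

/**
 * Hypothetical stateless session bean (EJB 2.x style, matching the
 * descriptor-based model discussed in the text).
 *
 * Declarative security is the first gate: the deployment descriptor's
 * <method-permission> elements decide which security roles may invoke
 * transfer() at all. The programmatic check below adds a rule that the
 * descriptor cannot express, because it depends on the method arguments.
 */
public class AccountManagerBean implements SessionBean {

    // Assumed business limit: transfers above this amount need a manager.
    private static final long LARGE_TRANSFER_LIMIT_CENTS = 1_000_000L;

    // The container hands the bean its context; this is the only
    // standard route to the caller's identity and role membership.
    private SessionContext ctx;

    public void setSessionContext(SessionContext ctx) {
        this.ctx = ctx;
    }

    public void transfer(String fromAccount, String toAccount, long amountCents)
            throws AccessDeniedException {
        // Per the EJB specification getCallerPrincipal() never returns null:
        // an unauthenticated client is represented by a container-supplied
        // anonymous principal, so always check the role, not just the name.
        Principal caller = ctx.getCallerPrincipal();

        // "manager" is a role name local to this bean. It is declared in the
        // bean's <security-role-ref> element and tied to a deployment-level
        // <security-role> through <role-link>; the vendor-specific mapping then
        // binds that deployment role to real users or groups.
        boolean isManager = ctx.isCallerInRole("manager");

        if (amountCents > LARGE_TRANSFER_LIMIT_CENTS && !isManager) {
            throw new AccessDeniedException("Caller " + caller.getName()
                    + " is not in role 'manager' and may not transfer more than "
                    + LARGE_TRANSFER_LIMIT_CENTS + " cents");
        }

        // Hypothetical business logic would go here; the principal name is a
        // reasonable value to record in an audit trail of who moved the money.
        doTransfer(fromAccount, toAccount, amountCents, caller.getName());
    }

    private void doTransfer(String from, String to, long amountCents, String auditUser) {
        // Placeholder for the actual persistence work (assumed, not shown).
        if (from == null || to == null || amountCents <= 0) {
            throw new EJBException("invalid transfer request");
        }
    }

    // Remaining SessionBean life-cycle callbacks; nothing to do for this bean.
    public void ejbCreate() {}
    public void ejbRemove() {}
    public void ejbActivate() {}
    public void ejbPassivate() {}
}
```

Two points a deployer should check alongside this code. First, the descriptor must still carry a <method-permission> for transfer() (or an <unchecked/> entry), otherwise the container will reject every call before the programmatic check runs; the isCallerInRole() check narrows declarative access, it does not replace it. Second, every role name passed to isCallerInRole() must appear in a <security-role-ref> for this bean with a <role-link> to a declared <security-role>; an unlinked reference leaves the result up to the container, so the mapping is part of the security configuration, not an afterthought.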