Define: Authorization is the process by which a program calculates whether a given identity is permitted to access a source such as an application component or a file. Now that you are authenticated, but Are you allowed to use the resource or component you are requesting?

Authorization: Process of calculating what type of access (if any) the security policy gives to a resource by a principal.

Security role: A logical grouping of users who gives a level of access permissions.

Security domain: A scope that describes where a set of security policies are enforced and maintained.

J2EE uses the concept of security roles for both programmatic and declarative access controls. This is distinct from the traditional model.

Permission-based authorization: Typically in permission-based security both resources and users are described in a registry and the association of groups and users with the resources takes place through Access Control Lists (ACL). The maintenance of registry and ACLs needs a security administrator.

Role based authorization: In J2EE role based model, the groups and users of users are still stored in a user registry.  A mapping can also be given between users and groups to the security constraints. This can exist in J2EE applications or a registry themselves can have their own role based security constraints described through deployment descriptors like ejb-jar.xml, web.xml, and/or  application.xml. 

 

Posted Date: 7/27/2012 6:02:44 AM | Location : United States

Ask an Expert

Related Discussions:- Authorization-security compnent, Assignment Help, Ask Question on Authorization-security compnent, Get Answer, Expert's Help, Authorization-security compnent Discussions

Write discussion on Authorization-security compnent
Your posts are moderated

Write your message here..

Related Questions

Write output for the given code of for loop, What is the output of the foll... What is the output of the following code: for (i=0; i { document.write("The number is " + i); document.write(" "); } Output The number is 0 The number is 1 The number i

What is the role of fonts in java explain with example, What is the role of... What is the role of fonts in java explain with example? You've already seen one instance of drawing text in the HelloWorldApplet program of the last chapter. You call the drawS

Complete the specification of chatter, Tasks: Complete the specifica... Tasks: Complete the specification of CHATTER, and specify ChatterLists. Implement these ADTs in Java with an abstract class Chatter and a class ChatterList. Use javado

Hospital management system in java-jsp, Hospital Management System: Te... Hospital Management System: Technology Used Java-JSP, Apache Tomcat (webserver), SQL SERVER 2000. This project is aimed at developing a web-based system for taking records

Homework, Pick your favorite geometry formula (e.g., area of a square, peri... Pick your favorite geometry formula (e.g., area of a square, perimeter of a triangle …) and implement it in Java. Demonstrate your code compiles and runs without issue (You can use

Asynchronous control, Asynchronous control Asynchronous control

data abstiraction, describe data abstractio describe data abstraction

What do you understand by private and public class, What do you understand ... What do you understand by private, protected and public? These are accessibility modifiers. Private is the most restrictive, whereas public is the least restrictive. There is n

Help about java code regarding udp, I need to know waht exactly is happinin... I need to know waht exactly is happining in the following code class Worker implements Runnable { DatagramSocket socket = null; DatagramPacket packet = null; public W

Why you don''t need to import java.lang.*, Why You don't need to import jav... Why You don't need to import java.lang.* There is one exception to the import rule. All classes in the java.lang package are imported by default. Therefore you do not required