Question

Describe the security behavior of a Java Enterprise Edition environment by explaining how native authentication and authorization services are deployed step-by-step when a web client requests access to protected resources on a web server. Please use APA format accurately to get full points.

Answer 1

Step 1

• Any enterprise with either of sensitive resources that can be obtained by multiple users or through the insecure, open networks, such as the Internet, should to be secured.
• Enterprise Tier and Web Tier applications are been made up of modules that are deployed in a variety of the containers. These units are integrated for creating a multi-tier business application. Component security is been provided here by their containers.
• Java Enterprise Edition contains a Security API framework which will specify portable, plug-in encryption and identity store interfaces, and a modern, injectable Security Context interface that provides a programmatic authentication at the entry point.

Step 2

Authentication and Authorization (step by step explaination) :

• First step will be the initiation of the request which would be from the Client to the server in the Web.As the client have not authorized itself to the application system, the server which is involved in providing the web part of the application, hereafter referred to as the web server, recognizes this and it conveys the necessary authentication for this function.
• Second step would be the Initiation of the Authentication. The web server provides a method which the web client uses to gather authentication of the data, such as user name and password, from the user. The web client will transmit the authorization data to the web server where it's been verified by the web server. After the authentication, the web server sets the user's authentication.
• Third step will be URL would be authorized.The web server collaborates with the web resource security policy for evaluating the security roles which would allow access to this information. The security policy is got from descriptions or a deployment provider.
• Fourth step would be the accepting of the request. When the user is allowed, the address URL of the web page is provided, allowing the user to post configuration file that is required to be managed by the business-logic element of the program.
• Fifth step would be starting the business methods. The web page makes the virtual call to the enterprise which is been using the user's authentication to establish a secure link between the web page and the enterprise bean. The output of the bean execution of the call will be transmitted to the web page and later on to the user by the web server and the web client.

Step 3

Features of this environment will be:

• Prevent unauthorized access to application and also company or the personal information (authentication).
• Keep the device users which is responsible for their activities.
• Ensure protection to the system against interruptions of service and also other breaches which is affecting the quality service.