Enterprise Security with EJB and CORBA

by Bret Hartman, Konstantin Beznosov, Donald J. Flinn

"Leveraging their strong implementation and standards committee experience, the authors have delivered the definitive guide to enterprise distributed object security."
—Wing K. Lee, Sprint, Enterprise Security with EJB and CORBA


With e-business and distributed components comes the need for a bold new approach to security solutions. Setting out to resolve the security challenges of today's networked world, this book shows developers how to harness the power of EJB and CORBA to secure each and every system level—from Web browsers to mid-tier components to legacy systems.

You'll get real-world techniques for building secure applications using EJB and CORBA components and learn about existing and emerging technologies, architectures, and implementations, including how to choose the right ones for your specific needs.

You'll also find an e-commerce example that will help you understand the various topics discussed, including:

  • Security technologies, from Web security to mid-tier and database security
  • Interoperability of cross-domain components, and how to modify architectures for security
  • Interoperability of EJB and CORBA components, and how to make them work together securely
  • How to protect applications using the RAD architecture
  • Using rights, attributes, domains, and delegation

The companion Web site contains:

  • The code for the e-commerce example in the book
  • Additional examples and product information

Editorial Reviews

Presents techniques for building secure e-commerce applications using Enterprise JavaBeans (EJB) and Common Object Request Broker Architecture (CORBA). The authors describe the contents of the relevant specifications and explain how to write the proper code for the specifications. They also address the important concern of the interoperability of EJB and CORBA applications. Annotation © Book News, Inc., Portland, OR (booknews.com)

Product Details

Publication date:
Series: OMG Series, #15
Product dimensions: 7.51(w) x 9.23(h) x 0.91(d)

Read an Excerpt

Chapter 1: An Overview of Enterprise Security Integration

This chapter explores groundbreaking technology that supports rapid deployment of secure e-business applications. This technology, based on the integration of distributed component computing and information security, represents new power to mount secure, scalable e-business services. We begin by discussing the basic relationship between security and components. We then describe how security enables new e-business applications that were not previously feasible and how e-business solutions create new security responsibilities. Next, we describe the many challenges of enforcing security in component-based applications. Finally, we introduce Enterprise Security Integration (ESI), which we use to tie together many different security technologies, and as a result, provide the framework for building secure component architectures.

Components and Security

Application servers, which provide a convenient environment for building component-based distributed business applications, are now widely available. Most middleware vendors have application server products on the market today. Application servers provide environments for building and deploying components.

A component is the fundamental building block of distributed software applications. Each component has one or more interfaces that provide the points of entry for calling programs. An interface, which is defined in terms of operations (also called methods), encapsulates a component and ensures that a component is modular. That is, a developer may replace one implementation of a component with another, and as long as the new component preserves the interface and expected behavior of the old one, there will be no impact on programs that use the component. Figure 1.1 illustrates the component architecture.

Component architectures include a rich runtime environment called a container. Containers provide an array of application services that allow the application developer to concentrate on building the application rather than the supporting infrastructure.

In the Java world, the Enterprise JavaBeans (EJB) specification, which is part of the Java 2 Enterprise Edition (J2EE) from Sun Microsystems, has gained broad acceptance as the standard for Java server component architectures. Products based on the EJB specification have compelling advantages: They shield application developers from many of the low-level component service details (such as transactions and security), they enable enterprise Beans to be moved to another environment with minimal effort, and they are interoperable with other EJB products.

Beyond Java, the Object Management Group (OMG) has defined the Common Object Request Broker Architecture (CORBA) Component Model. The CORBA Component Model, which has been designed to be consistent with EJB, extends the notion of EJB to allow components to be built in other languages, such as C++. Fully compliant EJB products also support the OMG Internet Inter-ORB Protocol (IIOP), allowing EJB components and CORBA components to interoperate. Because application servers are targeted at enterprise deployment, it's no surprise that security is generally addressed in these architectures. Without a good security solution protecting corporate data on an application server, most businesses would not be willing to make their data accessible to Internet Web clients.

Distributed component computing and information security are complex technologies that are naturally in conflict. A distributed environment makes data widely accessible and thus introduces potential security holes at multiple points in the enterprise. Security protection confines systems and reduces data accessibility. As a result, distributed systems require trade-offs between the degree of distributed computing and the degree of security. Technologies are resolving the conflict between distributed computing and security, particularly in EJB and CORBA. This book explores how deploying security services in support of EJB and CORBA addresses security integration.

This book addresses an audience of enterprise technical managers, software architects, security architects, software developers, and security administrators, particularly those now moving to distributed environments and those new to the issues of information security. We explore new ways of thinking about information security in distributed environments, focusing on how to develop practical, comprehensive approaches using new and existing technologies.

Security as an Enabler for E-Business Applications

Corporations are discovering the power of online services to increase customer loyalty, support sales efforts, and manage internal information. The common thread in these diverse efforts is the need to present end users with a unified view of information stored in multiple systems, particularly as organizations move from static Web sites to the transactional capabilities of electronic commerce. To satisfy this need, legacy systems are being integrated with powerful new e-business-based applications that provide broad connectivity across a multitude of back-end systems. These unified applications bring direct bottom-line benefits. For example:

  • On the Internet. A bank cements relationships with commercial customers by offering increased efficiency with online currency trading. This service requires real-time updates and links to back-office transactional and profitability analysis systems...
