Understanding Users, Groups, Roles, and Realms

Note – Users and groups are designated for the entire Enterprise Server, whereas each application defines its own roles. When the application is being packaged and deployed, the application specifies mappings between users/groups and roles, as illustrated in the following figure.

FIGURE 9–1 Role Mapping

Users

A user is an individual (or application program) identity that has been defined in the Enterprise Server. A user can be associated with a group. The Enterprise Server authentication service can govern users in multiple realms.

Groups

A Java EE group (or simply group) is a category of users classified by common traits, such as job title or customer profile. For example, users of an e-commerce application might belong to the customer group, but the big spenders would belong to the preferred group. Categorizing users into groups makes it easier to control the access of large numbers of users.
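The mapping described in the note above can be checked before deployment. The following is an added example, not part of the Sun manual: it reads the `security-role-mapping` entries of a `sun-web.xml` deployment descriptor and resolves which application roles a user receives directly or through group membership. The role names (`shopper`, `vip`, `admin`) and user names are hypothetical; the `customer` and `preferred` groups are the ones used in the Groups paragraph.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a sun-web.xml role-mapping section. Role names
# (shopper, vip) and the user "alice" are invented for illustration; the
# customer and preferred groups come from the Groups paragraph above.
SUN_WEB_XML = """
<sun-web-app>
  <security-role-mapping>
    <role-name>shopper</role-name>
    <group-name>customer</group-name>
    <group-name>preferred</group-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>vip</role-name>
    <group-name>preferred</group-name>
    <principal-name>alice</principal-name>
  </security-role-mapping>
</sun-web-app>
"""

def load_role_mappings(xml_text):
    """Return {role: {"users": set, "groups": set}} from the descriptor."""
    mappings = {}
    for m in ET.fromstring(xml_text).iter("security-role-mapping"):
        role = (m.findtext("role-name") or "").strip()
        if not role:
            continue
        entry = mappings.setdefault(role, {"users": set(), "groups": set()})
        entry["users"].update(e.text.strip() for e in m.findall("principal-name") if e.text)
        entry["groups"].update(e.text.strip() for e in m.findall("group-name") if e.text)
    return mappings

def roles_for(user, groups, mappings):
    """Roles granted to a user directly or through any of the user's groups."""
    return {role for role, e in mappings.items()
            if user in e["users"] or e["groups"] & set(groups)}

def unmapped_roles(declared_roles, mappings):
    """Roles the application declares that this descriptor maps to no user or group."""
    return {r for r in declared_roles
            if not (mappings.get(r, {}).get("users") or mappings.get(r, {}).get("groups"))}

if __name__ == "__main__":
    m = load_role_mappings(SUN_WEB_XML)
    print(roles_for("bob", ["customer"], m))
    print(unmapped_roles({"shopper", "vip", "admin"}, m))
```

Running the resolver over every group in a realm gives a quick review of which groups reach a sensitive role before the application is packaged.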

Chapter 9 • Configuring Security

Sun Microsystems 820433510 manual Users, Groups