5. Assign a security role to users in the realm.
To assign a security role to a user, add a security-role-mapping element to the deployment
descriptor that you modified in Step 4.
The following example shows a security-role-mapping element that assigns the security role
Employee to user Calvin.
<security-role-mapping>
<role-name>Employee</role-name>
<principal-name>Calvin</principal-name>
</security-role-mapping>
Introduction to Certicates and SSL
Thefollowing topics are discussed in this section:
“AboutDigital Certicates” on page 108
“AboutSecure Sockets Layer” on page 109

About Digital Certicates

Digitalcerticates (or simply certicates) are electronic les that uniquely identify people and
resourceson the Internet. Certicates also enable secure, condential communication between
twoentities.
Thereare dierent kinds of certicates, such as personal certicates, used by individuals, and
servercerticates, used to establish secure sessions between the server and clients through
securesockets layer (SSL) technology. For more information on SSL, see “About Secure Sockets
Layer”on page 109.
Certicatesare based on public key cryptography, which uses pairs of digital keys (very long
numbers)to encrypt, or encode, information so it can be read only by its intended recipient. The
recipientthen decrypts (decodes) the information to read it.
Akey pair contains a public key and a private key. The owner distributes the public key and
makesit available to anyone. But the owner never distributes the private key; it is always kept
secret.Because the keys are mathematically related, data encrypted with one key can be
decryptedonly with the other key in the pair.
Acerticate is like a passport: it identies the holder and provides other important information.
Certicatesare issued by a trusted third party called a Certication Authority (CA). The CA is
analogousto passport oce: it validates the certicate holder's identity and signs the certicate
sothat it cannot be forged or tampered with. Once a CA has signed a certicate, the holder can
presentit as proof of identity and to establish encrypted, condential communications.
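
The following Java program is an added example, not part of the original guide. It shows why a CA signature makes a certificate tamper-evident: the check passes only for unmodified data signed with the trusted CA's private key. The class name, the subject names, and the simplified "subject plus public key" body (not a real X.509 encoding) are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Base64;

public class CaSignatureDemo {
    // What the CA vouches for: the holder's name bound to the holder's public key.
    // Simplified stand-in for a certificate body; real certificates use X.509 encoding.
    static byte[] certificateBody(String subject, PublicKey holderKey) {
        String encodedKey = Base64.getEncoder().encodeToString(holderKey.getEncoded());
        return ("subject=" + subject + "\npublicKey=" + encodedKey).getBytes(StandardCharsets.UTF_8);
    }

    // Producing the signature requires the CA's private key, which is never distributed.
    static byte[] sign(PrivateKey caPrivate, byte[] body) throws GeneralSecurityException {
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(caPrivate);
        signer.update(body);
        return signer.sign();
    }

    // Checking the signature needs only the CA's public key, which anyone may hold.
    static boolean verify(PublicKey caPublic, byte[] body, byte[] signature) throws GeneralSecurityException {
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(caPublic);
        verifier.update(body);
        return verifier.verify(signature);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair ca = generator.generateKeyPair();      // constructed CA key pair
        KeyPair holder = generator.generateKeyPair();  // constructed certificate holder key pair
        KeyPair otherCa = generator.generateKeyPair(); // key pair the verifier does not trust

        byte[] body = certificateBody("CN=server.example.com", holder.getPublic());
        byte[] signature = sign(ca.getPrivate(), body);
        byte[] altered = certificateBody("CN=other.example.com", holder.getPublic());
        byte[] untrustedSignature = sign(otherCa.getPrivate(), body);

        System.out.println("signed by trusted CA, unmodified: " + verify(ca.getPublic(), body, signature));
        System.out.println("subject changed after signing:    " + verify(ca.getPublic(), altered, signature));
        System.out.println("signed by an untrusted key:       " + verify(ca.getPublic(), body, untrustedSignature));
    }
}
```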
Sun GlassFish Enterprise Server 2.1 Administration Guide • December 2008 108