
What Are Realms, Users, Groups, and Roles?

A realm is a security policy domain defined for a web or application server. A realm contains a collection of users, who may or may not be assigned to a group. Managing users on the GlassFish Server is discussed in Managing Users and Groups on the GlassFish Server.


An application will often prompt for a user name and password before allowing access to a protected resource. After the user name and password have been entered, that information is passed to the server, which either authenticates the user and sends the protected resource or does not authenticate the user, in which case access to the protected resource is denied. This type of user authentication is discussed in Specifying an Authentication Mechanism in the Deployment Descriptor.

In some applications, authorized users are assigned to roles. In this situation, the role assigned to the user in the application must be mapped to a principal or group defined on the application server. Figure 24–6 shows this. More information on mapping roles to users and groups can be found in Setting Up Security Roles.

The following sections provide more information on realms, users, groups, and roles.

Figure 24–6 Mapping Roles to Users and Groups

What Is a Realm?

A realm is a security policy domain defined for a web or application server. The protected resources on a server can be partitioned into a set of protection spaces, each with its own authentication scheme and/or authorization database containing a collection of users and groups. For a web application, a realm is a complete database of users and groups identified as valid users of a web application or a set of web applications and controlled by the same authentication policy.

The Java EE server authentication service can govern users in multiple realms. The file, admin-realm, and certificate realms come preconfigured for the GlassFish Server.

In the file realm, the server stores user credentials locally in a file named keyfile. You can use the Administration Console to manage users in the file realm. When using the file realm, the server authentication service verifies user identity by checking the file realm. This realm is used for the authentication of all clients except for web browser clients that use HTTPS and certificates.

In the certificate realm, the server stores user credentials in a certificate database. When using the certificate realm, the server uses certificates with HTTPS to authenticate web clients. To verify the identity of a user in the certificate realm, the authentication service verifies an X.509 certificate. For step-by-step instructions for creating this type of certificate, see Working with Digital Certificates. The common name field of the X.509 certificate is used as the principal name.


The admin-realm is also a file realm and stores administrator user credentials locally in a file named admin-keyfile. You can use the Administration Console to manage users in this realm in the same way you manage users in the file realm. For more information, see Managing Users and Groups on the GlassFish Server.

What Is a User?

A user is an individual or application program identity that has been defined in the GlassFish Server. In a web application, a user can have associated with that identity a set of roles that entitle the user to access all resources protected by those roles. Users can be associated with a group.

A Java EE user is similar to an operating system user. Typically, both types of users represent people. However, these two types of users are not the same. The Java EE server authentication service has no knowledge of the user name and password you provide when you log in to the operating system. The Java EE server authentication service is not connected to the security mechanism of the operating system. The two security services manage users that belong to different realms.

What Is a Group?

A group is a set of authenticated users, classified by common traits, defined in the GlassFish Server. A Java EE user of the file realm can belong to a group on the GlassFish Server. (A user in the certificate realm cannot.) A group on the GlassFish Server is a category of users classified by common traits, such as job title or customer profile. For example, most customers of an e-commerce application might belong to the CUSTOMER group, but the big spenders would belong to the PREFERRED group. Categorizing users into groups makes it easier to control the access of large numbers of users.

A group on the GlassFish Server has a different scope from a role. A group is designated for the entire GlassFish Server, whereas a role is associated only with a specific application in the GlassFish Server.

What Is a Role?

A role is an abstract name for the permission to access a particular set of resources in an application. A role can be compared to a key that can open a lock. Many people might have a copy of the key. The lock doesn’t care who you are, only that you have the right key.
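The two deployment descriptors below are an added example, not part of the original tutorial text, showing how application-scoped roles are bound to the server-wide CUSTOMER and PREFERRED groups described above. The role names, resource names and URL patterns are assumptions made for illustration, and the file name glassfish-web.xml assumes GlassFish Server 3.1 (3.0 uses sun-web.xml with a sun-web-app root element).

```xml
<!-- WEB-INF/web.xml: the application declares roles and protects resources with them.
     Role names, resource names and URL patterns are hypothetical. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Order history</web-resource-name>
      <url-pattern>/orders/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>customer</role-name></auth-constraint>
    <!-- BASIC sends the password on every request, so require TLS -->
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Preferred offers</web-resource-name>
      <url-pattern>/offers/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>preferredCustomer</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>file</realm-name> <!-- the preconfigured file realm (keyfile) -->
  </login-config>
  <security-role><role-name>customer</role-name></security-role>
  <security-role><role-name>preferredCustomer</role-name></security-role>
</web-app>

<!-- WEB-INF/glassfish-web.xml: the deployer maps each application role to
     groups (or individual principals) defined on the GlassFish Server. -->
<glassfish-web-app>
  <security-role-mapping>
    <role-name>customer</role-name>
    <group-name>CUSTOMER</group-name>
    <group-name>PREFERRED</group-name> <!-- big spenders are customers too -->
  </security-role-mapping>
  <security-role-mapping>
    <role-name>preferredCustomer</role-name>
    <group-name>PREFERRED</group-name>
  </security-role-mapping>
  <!-- Certificate-realm users cannot belong to a group; a role for them would be
       mapped with principal-name, using the certificate's common name. -->
</glassfish-web-app>
```

A user in the CUSTOMER group alone can reach /orders/* but is denied /offers/*, because only the PREFERRED group holds the preferredCustomer role in this application.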

Some Other Terminology

The following terminology is also used to describe the security requirements of the Java EE platform:

Security attributes: A set of attributes associated with every principal. The security attributes have many uses: for example, access to protected resources and auditing of users. Security attributes can be associated with a principal by an authentication protocol.