Security of the EJB Bank Account sample

We recommend that you run the Bank Account sample in a secure environment. However, in order to simplify the installation process, you may choose not to do so at first. If you don't want to activate the secure environment immediately, set the XEJB system initialization parameter to 'NO' and skip the rest of this section. To activate the secure environment at a later date, follow the instructions in the rest of this section.

You can implement security for the sample in a number of ways. For example, you can use any of the following alternatives:
Note:
  1. By default, the Bank Account application does not require the user to be authenticated at the Web tier. You can choose to activate authentication in the Web container by following your application server's instructions. If you do authenticate in the Web tier, the security principal is not propagated to CICS, so in terms of CICS security it has no effect. However, early authentication in the Web tier could be used to create a “protection domain” under which CICS trusts the Web tier not to allow unauthenticated users to invoke business methods on CICS enterprise beans.
  2. In order to use SSL encryption or authentication, you require a J2EE-compliant Web application server that fully supports SSL. Consult your vendor's documentation for further details.
  3. For more information about SSL authentication, see the CICS® RACF® Security Guide.
Whichever authentication method you choose, you need (among other things) to:
  1. Provide authorisation information in the deployment descriptor of the enterprise bean in CICS. This authorisation information consists of:
     - A “security role” element, which identifies a class of user who is allowed to perform a given action or use a given resource.
     - A “method permission” element, which identifies specific methods of the enterprise bean that members of the specified security role are authorised to use.
  2. Update your CICS external security manager (ESM) to map the specified security role to a number of real user IDs. The following step-by-step instructions for implementing security assume that your ESM of choice is RACF. If you use a different ESM, please consult your ESM vendor for guidance.
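As an added example (not part of the CICS sample or its documentation), the following EJB 1.1 ejb-jar.xml fragment shows how the “security role” and “method permission” elements from step 1 fit together; the bean name BankAccount, the package com.example.bank, the role names and the method names are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Hypothetical deployment descriptor for a BankAccount session bean.
     Bean, package, role and method names are assumptions, not the sample's. -->
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>BankAccount</ejb-name>
      <home>com.example.bank.BankAccountHome</home>
      <remote>com.example.bank.BankAccount</remote>
      <ejb-class>com.example.bank.BankAccountBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
    </session>
  </enterprise-beans>
  <assembly-descriptor>
    <!-- Security roles name a class of user, never an individual user ID.
         Step 2 maps each role name to real user IDs in the ESM. -->
    <security-role>
      <description>Users permitted to query balances</description>
      <role-name>BankTeller</role-name>
    </security-role>
    <security-role>
      <description>Users permitted to move money</description>
      <role-name>BankManager</role-name>
    </security-role>
    <!-- Method permissions grant specific bean methods to a role.
         A method listed under no role is granted to nobody by this file. -->
    <method-permission>
      <role-name>BankTeller</role-name>
      <method>
        <ejb-name>BankAccount</ejb-name>
        <method-name>getBalance</method-name>
      </method>
    </method-permission>
    <method-permission>
      <role-name>BankManager</role-name>
      <method>
        <ejb-name>BankAccount</ejb-name>
        <!-- Wildcard: every method of the bean, including getBalance -->
        <method-name>*</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
```

The role names declared here are the ones that step 2 asks you to map to user IDs in your ESM; the descriptor on its own authorises no one until that mapping exists.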