Communication Security for the Web Container
For this communication channel, communication is initiated by a Web application client, such as a Web browser. The access request coming from the Web application client is passed through the Internet Communication Manager (ICM) for load balancing and is then forwarded to the Web applications (WARs) running in the Web container of the AS Java. The Web applications then access business objects using Enterprise Java Beans (EJBs) from the EJB Container. The EJBs in turn access the actual data in the persistence layer.
For an overview of the communication flow, see the figure below.

Communication Flow for Web Container
The table below presents an overview of the security-relevant information for each of the communication paths.
| Communication Path | Protocol Used | Type of Data Transferred | Available Security Protection |
| --- | --- | --- | --- |
| Front-end client using Web application client to application server | HTTP | Authentication information; all application data | Secure Sockets Layer (SSL) |
| Web application to Enterprise Java Bean | P4, IIOP | All application data; data about propagation of security credentials | Secure Sockets Layer (SSL) |
| EJB to persistence layer | JDBC, LDAP, RFC | All application data; authentication data when accessing persistence layers or remote servers | Driver-dependent encryption for JDBC; SSL for LDAP; SNC for RFC |
See also:
Authentication and Single Sign-On
● Authentication for Web Based Access
● Using Login Modules to Protect Web Applications