J2EE Security for Servlets, EJBs, and Web Services - Pankaj Kumar

J2EE Security for Servlets, EJBs, and Web Services

(Autor)

Buch | Softcover
464 Seiten
2003
Prentice Hall (Verlag)
978-0-13-140264-5 (ISBN)
39,51 inkl. MwSt
  • Titel ist leider vergriffen;
    keine Neuauflage
  • Artikel merken
This guide provides applied security techniques for J2EE programmers and developers. It explains security concepts in simple terms and relates these to standards, Java APIs, software products and day-to-day job activities of programmers.
Dealing with security issues continues to be challenging for programmers and developers. In this book, expert practitioner Pankaj Kumar walks through both the descriptions and resolutions of those security issues that Java professionals will run into while designing, building, deploying and operating solutions that use J2EE technologies - such as Servlets, EJBs and Web Services. Unlike most books on security, Kumar covers security concepts such as authentication, authorization, confidentiality, integrity and non-repudiation in the context of security standards, Java APIs and software products implementing these technologies, while demonstrating how to use these in creating solutions.

PANKAJ KUMAR is Software Architect at Hewlett-Packard's Web Services Management Organization and has worked extensively in the area of middleware and security. He has presented on Java and Web services technologies at events ranging from SD West and SD Forum to HP World.

I. THE BACKGROUND.

1. A Security Primer.


The Security Problem. Computers, Networks and the Internet. Security Concepts. Security Attacks. System Vulnerabilities. Toward the Solution. Summary. Further Reading.

2. A Quick Tour of the Java Platform.


Packaging of Java Platform. Evolution of Java. Java Security Model. J2SE Platform. J2EE Platform. Summary. Further Reading.

II. THE TECHNOLOGY.

3. Cryptography with Java.


Example Programs and crypttool. Cryptographic Services and Providers. Cryptographic Keys. Encryption and Decryption. Message Digest. Message Authentication Code. Digital Signature. Key Agreement. Summary of Cryptographic Operations. Cryptography with crypttool. Limited versus Unlimited Cryptography. Performance of Cryptographic Operations. Practical Applications. Legal Issues with Cryptography. Summary. Further Reading.

4. PKI with Java.


Digital Certificates. Managing Certificates. Certification Authority. PKI Architectures. Java API for PKI. Applications of PKI. PKI Use-Cases. Summary. Further Reading.

5. Access Control.


A Quick Tour of Java Access Control Features. Access Control Requirements for the Java Platform. User Identification and Authentication. Policy-Based Authorization. Developing a Login Module. Applying JASS to a Sample Application. Performance Issues. Summary. Further Reading.

6. Securing the Wire.


Brief Overview of SSL. Java API for SSL. KeyManager and TrustManager APIs. Understanding SSL Protocol. HTTP over SSL. RMI Over SSL. Performance Issues. Trouble Shooting. Summary. Further Reading.

7. Securing the Message.


Message Security Standards. A Brief Note on Handling XML. XML Signature. Java API for XML Signature. XML Encryption. Java API for XML Encryption. XML Signature and Encryption Combinations. Summary. Further Reading.

III. THE APPLICATION.

8. RMI Security.


Sample Application Using RMI. Security from Downloaded Code. SSL for Transport Security. RMI and Access Control. Summary. Further Reading.

9. Web Application Security.


Java Web Applications. Apache Tomcat. A Simple Web Application: RMB. Security Requirements. User Authentication Schemes. Web Container Security Features. HTTPS with Apache Tomcat. Common Vulnerabilities. Summary. Further Reading.

10. EJB Security.


A Brief Overview of EJBs. Working with WebLogic Server 7.0. EJB Security Mechanisms. Declarative Security for EJBs. Declarative Security Example. EJB Security and J2SE Access Control. Summary. Further Reading.

11. Web Service Security.


Web Services Standards. Web Services In Java. Apache Axis. Servlet Security for Web Services. SSL Security for Web Services. WS Security. WS Security with Apache Axis. Summary. Further Reading.

12. Conclusions.


Technology Stack. Authentication and Authorization. Distributed Application Security. Comprehensive Security.

Appendix A: Public Key Cryptography Standards.
Appendix B: Standard Names—Java Cryptographic Services.
Appendix C: JSTK Tools.
Appendix D: Example Programs.
Appendix E: Products Used For Examples.
Appendix F: Standardization Bodies.
References.
Index.

Erscheint lt. Verlag 18.9.2003
Verlagsort Upper Saddle River
Sprache englisch
Maße 234 x 177 mm
Gewicht 1506 g
Themenwelt Informatik Netzwerke Sicherheit / Firewall
Informatik Theorie / Studium Kryptologie
Mathematik / Informatik Informatik Web / Internet
ISBN-10 0-13-140264-1 / 0131402641
ISBN-13 978-0-13-140264-5 / 9780131402645
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
Das Lehrbuch für Konzepte, Prinzipien, Mechanismen, Architekturen und …

von Norbert Pohlmann

Buch | Softcover (2022)
Springer Vieweg (Verlag)
34,99
Management der Informationssicherheit und Vorbereitung auf die …

von Michael Brenner; Nils gentschen Felde; Wolfgang Hommel

Buch (2024)
Carl Hanser (Verlag)
69,99

von Chaos Computer Club

Buch | Softcover (2024)
KATAPULT Verlag
28,00