J2EE Security for Servlets, EJBs, and Web Services

ISBN-10: 0131402641

ISBN-13: 9780131402645

Edition: 2004

Authors: Pankaj Kumar

List price: $49.99

Description:

- Explains security concepts in simple terms and relates them to standards, Java APIs, software products and the day-to-day job activities of programmers.
- Written by a practitioner who participated in the development of a J2EE App Server and Web Services Platform at HP.
- Applied security measures demonstrated on Java APIs, a unique feature of the book.

Book details

List price: $49.99
Copyright year: 2004
Publisher: Prentice Hall PTR
Publication date: 9/4/2003
Binding: Paperback
Pages: 464
Size: 7.00" wide x 9.00" long x 1.00" tall
Weight: 1.936
Language: English

The Background
A Security Primer
The Security Problem
Case Studies
Survey Findings
Computers, Networks and the Internet
Security Concepts
Security Attacks
System Vulnerabilities
Toward the Solution
Enabling Technologies
Security Management
Application Security
Summary
Further Reading
A Quick Tour of the Java Platform
Packaging of Java Platform
Evolution of Java
Java Security Model
Java Language Security
Access Control
Cryptographic Security
J2SE Platform
J2SE APIs
J2SE Deployment Technologies
J2EE Platform
Web Centric Architecture
EJB Centric Architecture
Multi-Tier Architecture
Summary
Further Reading
The Technology
Cryptography with Java
Example Programs and crypttool
Cryptographic Services and Providers
Providers
Algorithm and Implementation Independence
Listing Providers
Installing and Configuring a Provider
Cryptographic Keys
Java Representation of Keys
Generating Keys
Storing Keys
Encryption and Decryption
Algorithms
Java API
Message Digest
Message Authentication Code
Digital Signature
Algorithms
Java API
Key Agreement
Summary of Cryptographic Operations
Cryptography with crypttool
Limited versus Unlimited Cryptography
Performance of Cryptographic Operations
Practical Applications
Legal Issues with Cryptography
Summary
Further Reading
PKI with Java
Digital Certificates
Managing Certificates
Windows Certificate Store
Managing Certificates with keytool
Certification Authority
Setting up a Minimal CA
Issuing a Certificate
Summary of Steps
PKI Architectures
Java API for PKI
Certificates and Certification Paths
Certificate Revocation List
Repository of Certificates and CRLs
Building Certification Paths
Validating Certification Paths
Applications of PKI
Secure e-mail Communication
Secure Online Communication
Identification and Authentication
Code Signing
Software License Enforcement
Contract Signing and Record Maintenance
PKI Use-Cases
Server Authentication for Online Transactions
Authenticating a JCE Provider
Summary
Further Reading
Access Control
A Quick Tour of Java Access Control Features
Access Control Based on Origin of Code
Access Control Based on Code Signer
Access Control Based on User
Access Control Requirements for the Java Platform
Applets within a Web Browser
Standalone Java Programs
Components within the J2EE Platform
User Identification and Authentication
User Login in a Java Application
Login Configuration
Callback Handler
Running Code on Behalf of a User
Policy-Based Authorization
Java Policy Files
Policy File Syntax
Permission Types
Enforcement of Permissions
Developing a Login Module
JSTK User Account Management System
Login Module JSTKLoginModule
Applying JAAS to a Sample Application
The Sample Application
Authentication and Authorization Requirements
JAAS Enabled Sample Application
Performance Issues
Summary
Further Reading
Securing the Wire
Brief Overview of SSL
Java API for SSL
Running Programs EchoServer and EchoClient
Mutual Authentication with Self-Signed Certificate
Server Authentication with CA Signed Certificate
KeyManager and TrustManager APIs
Understanding SSL Protocol
HTTP over SSL
Java API for HTTP and HTTPS
Custom Hostname Verification
Tunneling Through Web Proxies
RMI Over SSL
Performance Issues
Troubleshooting
Summary
Further Reading
Securing the Message
Message Security Standards
A Brief Note on Handling XML
XML Signature
An Example
XML Canonicalization
Exclusive Canonicalization
The Structure of the Signature Element
Java API for XML Signature
VeriSign's TSIK
Infomosaic's SecureXML
XML Encryption
An Example
Structure of the EncryptedData Element
Java API for XML Encryption
XML Encryption with TSIK
XML Signature and Encryption Combinations
Summary
Further Reading
The Application
RMI Security
Sample Application Using RMI
Security from Downloaded Code
SSL for Transport Security
RMI and Access Control
Processing Client Logins
Modified main() of the Client and the Server
Intercepting the Method Invocations
Login Configuration and Policy Files
Running the Application
Conclusions
Summary
Further Reading
Web Application Security
Java Web Applications
Apache Tomcat
Installing and Running Tomcat
Exploring Tomcat Setup
A Simple Web Application: RMB
Security Requirements
User Identification and Authentication
User Account Systems
Authorization
Server Authentication
Message Integrity and Confidentiality
Audit Logs
User Authentication Schemes
Basic Authentication Scheme
Digest Authentication Scheme
FORM-Based Authentication Scheme
Certificate-Based Authentication Scheme
Web Container Security Features
Declarative Security
Programmatic Security
HTTPS with Apache Tomcat
Setup for Server Authentication
Setup for Client Authentication
Troubleshooting HTTPS Setup
Performance Issues with HTTPS
Common Vulnerabilities
Command Injection Flaws
Cross-Site Scripting (XSS) Flaws
Summary
Further Reading
EJB Security
A Brief Overview of EJBs
Working with WebLogic Server 7.0
Installing BEA WebLogic Server 7.0
Configuring a Domain and Running the Server
Building Echo EJB
Deploying Echo EJB
Running the Client
EJB Security Mechanisms
Transport Security with SSL
EJB Security Context and Programmatic Security
Client Authentication
JNDI Authentication
JAAS Authentication
Declarative Security for EJBs
Declarative Security Example
Overview of the Example
Deployment Descriptors
Building, Deploying and Running the Example Beans
EJB Security and J2SE Access Control
Summary
Further Reading
Web Service Security
Web Services Standards
Web Services In Java
Apache Axis
Installing and Running Axis
A Simple Web Service
A Web Service Client
Watching the SOAP Messages
Servlet Security for Web Services
SSL Security for Web Services
WS Security
WS Security with Apache Axis
WS Security Handlers
WS Security Example
Summary
Further Reading
Conclusions
Technology Stack
Authentication and Authorization
Distributed Application Security
Comprehensive Security
Public Key Cryptography Standards
Standard Names--Java Cryptographic Services
JSTK Tools
Example Programs
Products Used For Examples
Standardization Bodies
References
Index