J2EE Security for Servlets, EJBs, and Web Services

The Security Problem. Computers, Networks and the Internet. Security Concepts. Security Attacks. System Vulnerabilities. Toward the Solution. Summary. Further Reading.

Packaging of Java Platform. Evolution of Java. Java Security Model. J2SE Platform. J2EE Platform. Summary. Further Reading.

Example Programs and crypttool. Cryptographic Services and Providers. Cryptographic Keys. Encryption and Decryption. Message Digest. Message Authentication Code. Digital Signature. Key Agreement. Summary of Cryptographic Operations. Cryptography with crypttool. Limited versus Unlimited Cryptography. Performance of Cryptographic Operations. Practical Applications. Legal Issues with Cryptography. Summary. Further Reading.

Digital Certificates. Managing Certificates. Certification Authority. PKI Architectures. Java API for PKI. Applications of PKI. PKI Use-Cases. Summary. Further Reading.

A Quick Tour of Java Access Control Features. Access Control Requirements for the Java Platform. User Identification and Authentication. Policy-Based Authorization. Developing a Login Module. Applying JASS to a Sample Application. Performance Issues. Summary. Further Reading.

Brief Overview of SSL. Java API for SSL. KeyManager and TrustManager APIs. Understanding SSL Protocol. HTTP over SSL. RMI Over SSL. Performance Issues. Trouble Shooting. Summary. Further Reading.

Message Security Standards. A Brief Note on Handling XML. XML Signature. Java API for XML Signature. XML Encryption. Java API for XML Encryption. XML Signature and Encryption Combinations. Summary. Further Reading.

Sample Application Using RMI. Security from Downloaded Code. SSL for Transport Security. RMI and Access Control. Summary. Further Reading.

Java Web Applications. Apache Tomcat. A Simple Web Application: RMB. Security Requirements. User Authentication Schemes. Web Container Security Features. HTTPS with Apache Tomcat. Common Vulnerabilities. Summary. Further Reading.

A Brief Overview of EJBs. Working with WebLogic Server 7.0. EJB Security Mechanisms. Declarative Security for EJBs. Declarative Security Example. EJB Security and J2SE Access Control. Summary. Further Reading.

Web Services Standards. Web Services In Java. Apache Axis. Servlet Security for Web Services. SSL Security for Web Services. WS Security. WS Security with Apache Axis. Summary. Further Reading.

Technology Stack. Authentication and Authorization. Distributed Application Security. Comprehensive Security.