The Definitive Guide to Security in Jakarta EE: Securing Java-based Enterprise Applications with Jakarta Security, Authorization, Authentication and More (Paperback)

Arjan Tijms, Teo Bais, Werner Keil

  • Publisher: Apress
  • Publication date: 2022-04-15
  • List price: $1,900
  • VIP price: 95% of list (9.5 折), $1,805
  • Language: English
  • Pages: 658
  • Binding: Quality Paper (also called trade paper)
  • ISBN: 1484279441
  • ISBN-13: 9781484279441
  • Related category: Information security
  • Ships immediately (stock < 3)

Product description

Refer to this definitive and authoritative book to understand the Jakarta EE Security Spec, with Jakarta Authentication & Authorization as its underlying official foundation. Jakarta EE Security implementations are discussed, such as Soteria and Open Liberty, along with the built-in modules and Jakarta EE Security third-party modules, such as Payara Yubikey & OIDC, and OmniFaces JWT-Auth.
The book discusses Jakarta EE Security in relation to its Java SE underpinnings and provides a detailed explanation of how client-cert authentication over HTTPS takes place, how certificates work, and how LDAP-like names are mapped to caller/user names. General (web) security best practices are presented, such as not storing passwords in plaintext, using HTTPS, sanitizing inputs to DB queries, and encoding output, and explanations of various (web) attacks and common vulnerabilities are included.
Practical examples of securing applications discuss common needs such as letting users explicitly log in, sign up, verify email safely, explicitly log in to access protected pages, and go directly to the login page. Common issues are covered, such as abandoning an authentication dialog halfway and later accessing protected pages again.


What You Will Learn

- Know what Jakarta/Java EE security includes and how to get started learning and using this technology for today's and tomorrow's enterprise Java applications
- Secure applications: traditional server-side web apps built with JSF (Faces) as well as applications based on client-side frameworks (such as Angular) and JAX-RS
- Work with the daunting number of security APIs in Jakarta EE
- Understand how EE security evolved


Who This Book Is For
Java developers using Jakarta EE and writing applications that need to be secured (every application). Basic knowledge of Servlets and CDI is assumed. Library writers and component providers who wish to provide additional authentication mechanisms for Jakarta EE also will find the book useful.


About the Authors

Arjan Tijms was a JSF (JSR 372) and Security API (JSR 375) EG member, and is currently project lead for a number of Jakarta projects, including Jakarta Security, Authentication, Authorization, Faces and Expression Language. He is the co-creator of the popular OmniFaces library for JSF, which was a 2015 Duke's Choice Award winner, and is the author of two books: The Definitive Guide to JSF in Java EE 8 and Pro CDI 2 in Java EE 8. Arjan holds an MSc degree in computer science from the University of Leiden, The Netherlands. He has been involved with Jakarta EE Security since 2010, has created a set of tests that most well-known vendors (IBM, Oracle, Red Hat) use to improve their offerings, was part of the JSR 375 (EE Security) EG, and has been the main architect of the security API and its initial RI implementation, Soteria. Arjan has also written and certified the MicroProfile JWT implementation for Payara. He was mentored by Sun's (later Oracle's) security expert Ron Monzillo. He wrote a large series of blog posts about EE Security that have attracted a lot of views.

Werner Keil is a cloud architect, Eclipse RCP and microservice expert for a large bank. He helps Global 500 enterprises across industries and leading IT vendors. He has worked for over 30 years as an IT manager, PM, coach, and SW architect and consultant for the finance, mobile, media, transport, and public sectors. Werner develops enterprise systems using Java, Java/Jakarta EE, Oracle, IBM, Spring or Microsoft technologies, JavaScript, Node, Angular, and dynamic or functional languages. He is a committer at the Apache Software Foundation and the Eclipse Foundation, a Babel Language Champion, UOMo Project Lead, and an active member of the Java Community Process in JSRs such as 321 (Trusted Java), 344 (JSF 2.2), 354 (Money, also Maintenance Lead), 358/364 (JCP.next), 362 (Portlet 3), 363 (Unit-API 1), 365 (CDI 2), 366 (Java EE 8), 375 (Java EE Security), 380 (Bean Validation 2), and 385 (Unit-API 2, also Spec Lead), and was the longest-serving Individual Member of the Executive Committee, for nine years in a row until 2017. Werner is currently the Community representative in the Jakarta EE Specification Committee. He was among the first five Jakarta EE Ambassadors when the group was founded as Java EE Guardians, and is a member of its Leadership Council.

Teo Bais is a Software Development Manager, Scrum Master, and programmer who contributes to the prosperity of the (software) community in several ways. He is the founder and leader of the Utrecht Java User Group, which counts over 2600 members, has hosted over 45 events and amazing speakers (among others, James Gosling, Uncle Bob, and over 20 Java Champions), and runs three programs: Devoxx4kids, Speaker Incubator and uJCP. Teo served on JSR-385 (JSR of the Year 2019) as an EG Member and was nominated as JCP Participant of the Year in 2019. Teo Bais enjoys sharing his knowledge as a public speaker to help others achieve their goals in career and life.
