Go to main content

The definitive guide to security in Jakarta EE : securing Java-based enterprise applications with Jakarta security, authorization, authentication and more / Arjan Tijms, Teo Bais, Werner Keil.

Tijms, Arjan, author.; Bais, Teo, author.; Keil, Werner, author.
2022
QA76.9.A25
Available Online
Formats
Format
BibTeX
MARCXML
TextMARC
MARC
DublinCore
EndNote
NLM
RefWorks
RIS
Add to Basket
Cite
Citation

Linked e-resources

Linked Resource
Online Access
Concurrent users
Unlimited
Authorized users
Authorized users
Document Delivery Supplied
Can lend chapters, not whole ebooks

Details

Title
The definitive guide to security in Jakarta EE : securing Java-based enterprise applications with Jakarta security, authorization, authentication and more / Arjan Tijms, Teo Bais, Werner Keil.
Author
Tijms, Arjan, author.
ISBN
9781484279458 (electronic bk.)
148427945X (electronic bk.)
1484279441
9781484279441
DOI
https://doi.org/10.1007/978-1-4842-7945-8
Published
New York, NY : Apress, [2022]
Language
English
Description
1 online resource (652 pages) : color illustrations
Item Number
10.1007/978-1-4842-7945-8 doi
Call Number
QA76.9.A25
Dewey Decimal Classification
005.8
Summary
Refer to this definitive and authoritative book to understand the Jakarta EE Security Spec, with Jakarta Authentication & Authorization as its underlying official foundation. Jakarta EE Security implementations are discussed, such as Soteria and Open Liberty, along with the build-in modules and Jakarta EE Security third-party modules, such as Payara Yubikey & OIDC, and OmniFaces JWT-Auth. The book discusses Jakarta EE Security in relation to SE underpinnings and provides a detailed explanation of how client-cert authentication over HTTPS takes place, how certifications work, and how LDAP-like names are mapped to caller/user names. General (web) security best practices are presented, such as not storing passwords in plaintext, using HTTPS, sanitizing inputs to DB queries, encoding output, and explanations of various (web) attacks and common vulnerabilities are included. Practical examples of securing applications discuss common needs such as letting users explicitly log in, sign up, verify email safely, explicitly log in to access protected pages, and go direct to the log in page. Common issues are covered such as abandoning an authentication dialog halfway and later accessing protected pages again. What You Will Learn Know what Jakarta/Java EE security includes and how to get started learning and using this technology for today's and tomorrow's enterprise Java applications Secure applications: traditional server-side web apps built with JSF (Faces) as well as applications based on client-side frameworks (such as Angular) and JAX-RS Work with the daunting number of security APIs in Jakarta EE Understand how EE security evolved Who This Book Is For Java developers using Jakarta EE and writing applications that need to be secured (every application). Basic knowledge of Servlets and CDI is assumed. Library writers and component providers who wish to provide additional authentication mechanisms for Jakarta EE also will find the book useful.
Note
Includes index.
Access Note
Access limited to authorized users.
Added Author
Bais, Teo, author.
Keil, Werner, author.
Available in Other Form
The Definitive Guide to Security in Jakarta EE
Linked Resources
Online Access
Record Appears in
Online Resources > Ebooks
All Resources
Intro
Table of Contents
About the Authors
About the Technical Reviewer
Chapter 1: Security History
The Beginning
Enter Jakarta EE
Enter Jakarta Authorization
Enter Jakarta Authentication
Foreshadowing Shiro Part I
IL DRBAC
Enter Spring Security
Where is Jakarta Authentication? Enter JAuth
Foreshadowing Shiro Part II
JSecurity
Jakarta Authentication
Edging closer
Jakarta Authentication
Finally in Jakarta EE
Enter OmniSecurity
Enter Jakarta Security
Chapter 2: Jakarta EE Foundations
Physical Security
Technological Security

Application Security
OS Security
Network Security
Policies and Procedures
Key Principles of Security
Features of a Security Mechanism
Distributed Multitiered Applications
Single-Tier vs. Multitiered Applications
The Jakarta EE Approach
Security in Jakarta EE
Simple Application Security Walkthrough
Looking Ahead
Authentication
Something You Know
Something You Have
Something You Are
Latest Trends in Authentication Methods
Authentication Examples in Practice
Authenticating Users Programmatically
Authorization
Access Control Lists

Access Control Models
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
Role-Based Access Control (RBAC)
RBAC (Role-Based Access Control)
Benefits of RBAC
RBAC - Key Principles
RBAC in Jakarta EE
Users, Groups, and Roles
What Is a User?
What Is a Group?
What Is a Role?
Digital Certificates
What Is a Digital Certificate
Introduction to TLS
Who Can Issue Certificates?
Self-Signing a Certificate
Certificate Authority
Looking Ahead
Authentication Mechanisms
What Is an Authentication Mechanism?

What Does an Authentication Mechanism Specify?
Jakarta EE Authentication Mechanisms
Basic Authentication
What Is
How It Works
How to Configure It
Form-Based Authentication
What Is
How It Works
How to Configure It
Digest Authentication
What Is
How It Works
How to Configure It
Client Authentication
What Is
How It Works
How to Configure It
Custom Form Authentication
What Is
How to Define It
Identity Stores
What Is an Identity Store?
What Is the Purpose of an Identity Store?
Identity Store and Jakarta EE

IdentityStore - Theory of Operation
Validating Credentials
Retrieving Caller Information
Declaring Capabilities
How to Validate a User Credential
Looking Ahead
Chapter 3: Jakarta Authentication
What Is Jakarta Authentication?
Jakarta Authentication in Jakarta EE
The Authentication Mechanism
The Basic Authentication Mechanism
The Form Authentication Mechanism
Jakarta Authentication's ServerAuthModule
Example ServerAuthModule
Example ServerAuthModule - GlassFish
Example ServerAuthModule - Tomcat
Example ServerAuthModule - Basic

Browse Subjects

Show more subjects...

Statistics

from
to
Export