Core Security Patterns: Best Practices and Strategies for J2EE™, Web Services, and Identity Management by Ray Lai, Ramesh Nagappan, Christopher Steel

Chapter 9. Securing the Web Tier–Design Strategies and Best Practices

For J2EE applications, the Web tier represents the front door—the entry point for all users. It is also the most frequently used initial point of attack for an adversary looking for security weaknesses in an application. This chapter will review the vulnerabilities associated with the Web tier and the patterns used to protect against them.

Web-Tier Security Patterns

Authentication Enforcer

Problem

You need to verify that each request is from an authenticated entity, and since different classes handle different requests, authentication code is replicated in many places and the authentication mechanism can’t ...
