Book description
J2EE developers have an extraordinary array of powerful options for securing their Web services, Web applications, EJB components and RMI objects. Now, expert Java architect Pankaj Kumar helps developers make sense of Java's increasingly rich security APIs, tools, patterns, and best practices, showing how to use each of them in the right place, at the right time, and in the right way.
Kumar covers every significant J2SE and J2EE security mechanism, presenting practical implementation techniques for the entire J2EE project lifecycle: analysis, design, development, deployment and operations. The book's example-rich coverage includes:
- Implementing cryptography with the JCA (Java Cryptography Architecture) and JCE (Java Cryptography Extension) security APIs
- Building PKI systems with Java: implementing X.509 certificates, Certification Authorities, Certificate Revocation Lists, and repositories
- Java security managers, policy files, and JAAS: implementing access control based on code origin, code signer and user credentials
- Securing the wire: using SSL and the JSSE API to secure data exchange over unprotected networks
- Ensuring XML message integrity, authentication, and confidentiality with the standards: XML Signature and XML Encryption using the VeriSign TSIK and Infomosaic SecureXML libraries
- Addressing security issues in RMI-based distributed applications
- Developing and deploying servlets and EJBs for authenticated and secure access
- Securing Web services with transport- and message-based security: SSL for transport-based and WS Security for message-based security
- Covering security aspects of best-of-breed products: Apache Tomcat, Apache Axis, and BEA WebLogic Server
Table of contents
- Copyright
- Praise for J2EE Security for Servlets, EJBs and Web Services
- Hewlett-Packard® Professional Books
- Preface
- The Background
- The Technology
  - Cryptography with Java
    - Example Programs and crypttool
    - Cryptographic Services and Providers
    - Cryptographic Keys
    - Encryption and Decryption
    - Message Digest
    - Message Authentication Code
    - Digital Signature
    - Key Agreement
    - Summary of Cryptographic Operations
    - Cryptography with crypttool
    - Limited versus Unlimited Cryptography
    - Performance of Cryptographic Operations
    - Practical Applications
    - Legal Issues with Cryptography
    - Summary
    - Further Reading
  - PKI with Java
  - Access Control
  - Securing the Wire
  - Securing the Message
- The Application
- References
- Index
Product information
- Title: J2EE™ Security for Servlets, EJBs and Web Services: Applying Theory and Standards to Practice
- Author(s): Pankaj Kumar
- Release date: September 2003
- Publisher(s): Pearson
- ISBN: 0131402641