RESTful Java Web Services Security

Book Description

Secure your RESTful applications against common vulnerabilities

In Detail

This book will serve as a practical companion for learning about common vulnerabilities in RESTful services, and will provide you with indispensable knowledge of the tools you can use to implement and test security in your applications. It covers the fine details of setting up RESTful services, such as implementing RESTEasy, and of securing transmission protocols, such as the OAuth protocol and its integration with RESTEasy. It also explains the implementation of digital signatures and the integration of the Doseta framework with RESTEasy.

With this book, you will be able to design your own security implementation or use a protocol such as OAuth to grant permissions over your RESTful applications. You will also learn how other features work, such as configuring and verifying the HTTP and HTTPS protocols, certificates, and secure protocols for data transmission. By the end of this book, you will have comprehensive knowledge that will help you to detect and fix vulnerabilities.

What You Will Learn

  • Set up, implement, and personalize your development and test environment
  • Learn, understand, and assimilate concepts inherent to security management on RESTful applications and the importance of these concepts
  • Implement and test security on your applications that use RESTful web services with the most useful techniques and interpret the test results
  • Apply and configure secure protocols on your application
  • Implement, configure, and integrate other technologies such as OAuth or SSO with RESTful applications
  • Learn and assimilate security concepts at JEE application and container level
  • Understand digital signatures and message encryption through descriptive examples

Downloading the example code for this book

You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

    Table of Contents

    1. RESTful Java Web Services Security
      1. Table of Contents
      2. RESTful Java Web Services Security
      3. Credits
      4. About the Authors
      5. About the Reviewers
      6. www.PacktPub.com
        1. Support files, eBooks, discount offers, and more
          1. Why subscribe?
          2. Free access for Packt account holders
      7. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Downloading the example code
          2. Errata
          3. Piracy
          4. Questions
      8. 1. Setting Up the Environment
        1. Downloading tools
          1. Downloading links
        2. Creating the base project
        3. First functional example
          1. Testing the example web service
        4. Summary
      9. 2. The Importance of Securing Web Services
        1. The importance of security
        2. Security management options
          1. Authorization and authentication
            1. Authentication
            2. Authorization
          2. Access control
            1. Transport layer security
          3. Basic authentication by providing user credentials
          4. Digest access authentication
            1. An example with explanation
          5. Authentication through certificates
        3. API keys
        4. Summary
      10. 3. Security Management with RESTEasy
        1. Fine-grained and coarse-grained security
          1. Securing HTTP methods
            1. HTTP method – POST
            2. HTTP method – GET
          2. Fine-grained security implementation through annotations
            1. The @RolesAllowed annotation
              1. The savePerson method
              2. The findById method
            2. The @DenyAll annotation
            3. The @PermitAll annotation
          3. Programmatical implementation of fine-grained security
        2. Summary
      11. 4. RESTEasy Skeleton Key
        1. OAuth protocol
        2. OAuth and RESTEasy Skeleton Key
          1. What is RESTEasy Skeleton Key?
          2. OAuth 2.0 authentication framework
            1. Main features
          3. OAuth2 implementation
            1. Updating RESTEasy modules in JBoss
            2. Setting up the configuration in JBoss
            3. Implementing an OAuth client
              1. The oauth-client project
              2. The discstore project
              3. The oauth-server project
              4. webapp/WEB-INF/jboss-deployment-structure.xml
              5. Running the application
        3. SSO configuration for security management
        4. OAuth token via Basic Auth
          1. Running the application
        5. Custom filters
          1. Server-side filters
          2. Client-side filters
          3. Example usage of filters
        6. Summary
      12. 5. Digital Signatures and Encryption of Messages
        1. Digital signatures
          1. Updating RESTEasy JAR files
          2. Applying digital signatures
          3. Testing the functionality
          4. Validating signatures with annotations
        2. Message body encryption
          1. Testing the functionality
          2. Enabling the server with HTTPS
            1. Testing the functionality
        3. Summary
      13. Index