J2EE Security: Sample Chapter

Spotlight quote:
Nice to see your advise on killing happyaxis.jar; every so often I google for it to see if it is an issue. Also nice to see the WS-Security stuff.
-- Steve Loughran, creator of happyaxis.jar

Table of Contents

PART I: THE BACKGROUND

A Security Primer

The Security Problem
Computers, Networks and The Internet
Security Concepts
Security Attacks
System Vulnerabilities
Towards The Solution

A Quick Tour of the Java Platform

Packaging of Java Platform
Evolution of Java
Java Security Model
- Java Language Security
- Access Control
- Cryptographic Security
J2SE Platform
J2EE Platform

PART II: THE TECHNOLOGY

Cryptography with Java

Cryptographic Services and Providers
Cryptographic Keys
Encryption and Decryption
Message Digest
Message Authentication Code
Digital Signature
Key Agreement
Summary of Cryptographic Operations
Cryptography with crypttool
Limited versus Unlimited Cryptography
Performance of Cryptographic Operations
Practical Applications
Legal Issues with Cryptography

PKI with Java

Digital Certificates
Managing Certificates
Certification Authority
PKI Architectures
Java API for PKI
- Certificates and Certification Paths
- Certificate Revocation List
- Repository of Certificates and CRLs
- Building Certification Paths
- Validating Certification Paths
Applications of PKI
PKI Use-Cases

Access Control

A Quick Tour of the Java Access Control Features
Access Control Requirements for the Java Platofrm
User Identification and Authentication
Policy-Based Authorization
Developing a Login Module
Applying JAAS to a Simple Application
Performance Issues

Securing the Wire

Brief Overview of SSL
Java API for SSL
KeyManager and TrustManager APIs
Understanding SSL Protocol
HTTP Over SSL
RMI Over SSL
Performance Issues
Trouble Shooting

Securing the Message

Message Security Standards
A Brief Note on Handling XML
XML Signature
Java API for XML Signature
XML Encryption
Java API for XML Encryption
XML Signature and Encryption Combinations

PART III: THE APPLICATION

RMI Security

Sample Application Using RMI
Security from Downloaded Code
SSL for Transport Security
RMI and Access Control

Web Application Security

Java Web Applications
Apache Tomcat
A Simple Web Application: RMB
Security Requirements
User Authentication Schemes
Web Container Security Features
HTTPS with Apache Tomcat
Common Vulnerabilities

EJB Security

A Brief Overview of EJBs
Working with WebLogic Server 7.0
EJB Security Mechanisms
Declarative Security for EJBs
Declarative Security Example
EJB Security and J2SE Access Control

Web Service Security

Web Services Standards
Web Services in Java
Apache Axis
Servlet Security for Web Services
WS Security
WS Security with Apache Axis

Conclusions

Technology Stack
Authentication and Authorization
Distributed Application Security
Comprehensive Security

Appendix A: Public Key Cryptography Standards

Appendix B: Standard Names -- Java Cryptographic Services

Appendix C: JSTK Tools

Appendix D: Example Programs

Appendix E: Products Used For Examples

Appendix F: Standardization Bodies

	Java Security for the Enterprise	Spotlight quote: Nice to see your advise on killing happyaxis.jar; every so often I google for it to see if it is an issue. Also nice to see the WS-Security stuff. -- Steve Loughran, creator of happyaxis.jar

J2EE Security Home Highlights Table of Contents Preface Sample Chapter View Source Files Download Source Files Illustration Products Talk Back/Forums Contact Author Errata Reviews Media Readers About the Author Author's home page Author's weblog	Table of Contents PART I: THE BACKGROUND A Security Primer The Security Problem Computers, Networks and The Internet Security Concepts Security Attacks System Vulnerabilities Towards The Solution A Quick Tour of the Java Platform Packaging of Java Platform Evolution of Java Java Security Model Java Language Security Access Control Cryptographic Security J2SE Platform J2EE Platform PART II: THE TECHNOLOGY Cryptography with Java Cryptographic Services and Providers Cryptographic Keys Encryption and Decryption Message Digest Message Authentication Code Digital Signature Key Agreement Summary of Cryptographic Operations Cryptography with crypttool Limited versus Unlimited Cryptography Performance of Cryptographic Operations Practical Applications Legal Issues with Cryptography PKI with Java Digital Certificates Managing Certificates Certification Authority PKI Architectures Java API for PKI Certificates and Certification Paths Certificate Revocation List Repository of Certificates and CRLs Building Certification Paths Validating Certification Paths Applications of PKI PKI Use-Cases Access Control A Quick Tour of the Java Access Control Features Access Control Requirements for the Java Platofrm User Identification and Authentication Policy-Based Authorization Developing a Login Module Applying JAAS to a Simple Application Performance Issues Securing the Wire Brief Overview of SSL Java API for SSL KeyManager and TrustManager APIs Understanding SSL Protocol HTTP Over SSL RMI Over SSL Performance Issues Trouble Shooting Securing the Message Message Security Standards A Brief Note on Handling XML XML Signature Java API for XML Signature XML Encryption Java API for XML Encryption XML Signature and Encryption Combinations PART III: THE APPLICATION RMI Security Sample Application Using RMI Security from Downloaded Code SSL for Transport Security RMI and Access Control Web Application Security Java Web Applications Apache Tomcat A Simple Web Application: RMB Security Requirements User Authentication Schemes Web Container Security Features HTTPS with Apache Tomcat Common Vulnerabilities EJB Security A Brief Overview of EJBs Working with WebLogic Server 7.0 EJB Security Mechanisms Declarative Security for EJBs Declarative Security Example EJB Security and J2SE Access Control Web Service Security Web Services Standards Web Services in Java Apache Axis Servlet Security for Web Services WS Security WS Security with Apache Axis Conclusions Technology Stack Authentication and Authorization Distributed Application Security Comprehensive Security Appendix A: Public Key Cryptography Standards Appendix B: Standard Names -- Java Cryptographic Services Appendix C: JSTK Tools Appendix D: Example Programs Appendix E: Products Used For Examples Appendix F: Standardization Bodies

	Disclaimer: This website is created and maintained by the author of "J2EE Security ..." book. Views expressed here belong to the author and do not represent those of the publisher or the author's employer. Copyright ©2003 Pankaj Kumar. All Rights Reserved.

J2EE Security

Reviews

About the Author

Table of Contents