| ||
| ||
| ||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
Java SecurityJava Security includes such topics as Java Cryptography (JCE), Java Authentication and Authorization Service (JAAS), as well as these tools: jarsigner, keytool and policytool. The security model supports fine-grain access control, governed by system-wide policy files and per-user policy files. Java security is a topic of increasing interest, especially as Java becomes the standard in enterprise application development.Discovering a Java Application's Security Requirements By Mark Petrovic Java security manager policy files are powerful and flexible, but rather grueling and error-prone to write by hand. In this article Mark Petrovic employs a novel approach: a development-time SecurityManager that logs your applications' calls and builds a suitable policy file. Jan. 3, 2007 Separation of Concerns in Web Service Implementations By Tieu Luu The principle of "separation of concerns" is much repeated in SOA circles... so why are transactional integrity, security, and business logic so often intermingled in SOA implementations? In this article, Tieu Luu shows how to use Spring to separate out security concerns in an Axis-based web service. Sep. 6, 2006 WS-Security in the Enterprise, Part 2: The Framework By Denis Piliptchouk Denis Pilupchuk continues his series on developing a WS-Security toolkit by developing a general framework to match the needs identified in part one and by starting to map WSSE features to Java objects. Mar. 30, 2005 Using SSL with Non-Blocking IO By Nuno Santos Java 1.4 introduced non-blocking IO in the NIO package, but not a means of running SSL over it. That forced developers to choose between security and scalability. In J2SE 5.0, there is now a transport-agnostic SSL API, but it takes some work to understand. Nuno Santos shows how to put the two together. Nov. 3, 2004 Java and Security, Part 2 By Avinash Chugh, Jon Mountjoy This second and final excerpt from Chapter 17 of WebLogic: The Definitive Guide covers WebLogic's various security providers and their default implementations, along with a look at how to authenticate using JAAS, and examples of Authentication and Identity Assertion Providers. Apr. 21, 2004 Java and Security, Part 1 By Avinash Chugh, Jon Mountjoy In part one in a two-part series of excerpts from Chapter 17 of WebLogic: The Definitive Guide, authors Avinash Chugh and Jon Mountjoy examine WebLogic's various security mechanisms, beginning with a look at the Java Security Manager and how WebLogic filters connection requests. They also cover WebLogic's authentication and authorization framework and how it supports the standard J2EE security services. Apr. 14, 2004 Java vs. .NET Security, Part 4 By Denis Piliptchouk Java and .NET address similar code security issues, but which one offers the best security implementation? Denis Piliptchouk's series concludes with a look at user authentication and permissions, and a final wrap-up. Feb. 25, 2004 Security in Struts: User Delegation Made Possible By Werner Ramaekers Struts may not have an all-encompassing security scheme, but what it does offer is extensibility. Werner Raemakers looks at how to extend Struts' security by allowing one group of users to delegate permissions to others. Feb. 18, 2004 Java vs. .NET Security, Part 3 By Denis Piliptchouk Java and .NET address similar code security issues, but which one offers the best security implementation? Denis Piliptchouk's series continues with a look at how each platform handles code protection and code access. Jan. 28, 2004 Java vs. .NET Security, Part 2 By Denis Piliptchouk Java and .NET address similar code security issues, but which offers the best security implementation? Denis Piliptchouk's series continues with a look at cryptography support. Dec. 10, 2003 Java vs. .NET Security, Part 1 By Denis Piliptchouk Java and .NET address similar code security issues, but which one offers the best security implementation? Denis Piliptchouk's series starts with a side-by-side look at how each performs configuration, code verification, and memory isolation. Nov. 26, 2003 J2EE Form-based Authentication By Prabu Arumugam J2EE Web containers support form-based authentication mechanisms, but how do you integrate application-based security with that in other realms? This article explains. Jun. 12, 2002 The Java Platform By David Flanagan In this excerpt from O'Reilly & Associates' Java in a Nutshell, 4th Edition, David Flanagan shows you a number of the Java 2SE platform packages, using examples of the most useful classes in these packages. Feb. 27, 2002 Web FORM-Based Authentication By Dion Almaer Dion walks you through the various security settings that can be set up in the Web Application framework, going into detail on how you can set up FORM-based authentication. Aug. 6, 2001 Using Tomcat 4 Security Realms By James Goodwill In part 4 of his Using Tomcat series, James Goodwill covers Tomcat 4, focusing on security realms using both memory and JDBC realms (with a MySQL database example). Jul. 24, 2001 JSP Security for Limiting Access to Application-Internal URLs By Jamie Jaworski Jamie Jaworski covers a technique for designing and building simple JSP applications, which provides some security benefits such as limiting access to application-internal URLs. Jun. 27, 2001 Java Application Security By Scott Oaks In this excerpt from Chapter 1 of Java Security, 2nd Edition, Scott Oaks covers Java application security by defining security; bounding the Java security model; and finally debugging Java security in an applet or application. Jun. 4, 2001 Secure Your Sockets with JSSE By Jamie Jaworski Jamie Jaworski installs and uses the JSSE to implement HTTPS, provides an example of a mini-HTTPS server, and Java clients that support SSL. May. 3, 2001 Programmatically Signing JAR Files By Raffi Krikorian While in most cases, programmatically signing JAR files is a frowned upon, there are a few cases when it is necessary. Apr. 12, 2001 Java Plug-in 1.3 and RSA Signed Applets By Jamie Jaworski Jamie Jaworski focuses on the latest release of the Java plug-in (v.1.3) and its support for RSA signed applets as well as dynamic trust management. Mar. 22, 2001 |
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
    |
|
|
|
|
|
|
|
Copyright © 2000-2006 O’Reilly Media, Inc. All Rights Reserved. All trademarks and registered trademarks appearing on the O'Reilly Network are the property of their respective owners. For problems or assistance with this site, email |
|
