ONJava.com -- The Independent Source for Enterprise Java

Java Security

Java Security includes such topics as Java Cryptography (JCE) and the Java Authentication and Authorization Service (JAAS), as well as these tools: jarsigner, keytool, and policytool. The security model supports fine-grained access control, governed by system-wide policy files and per-user policy files. Java security is a topic of increasing interest, especially as Java becomes the standard in enterprise application development.

Discovering a Java Application's Security Requirements
By Mark Petrovic
Java security manager policy files are powerful and flexible, but rather grueling and error-prone to write by hand. In this article Mark Petrovic employs a novel approach: a development-time SecurityManager that logs your applications' calls and builds a suitable policy file. Jan. 3, 2007

Separation of Concerns in Web Service Implementations
By Tieu Luu
The principle of "separation of concerns" is much repeated in SOA circles... so why are transactional integrity, security, and business logic so often intermingled in SOA implementations? In this article, Tieu Luu shows how to use Spring to separate out security concerns in an Axis-based web service. Sep. 6, 2006

WS-Security in the Enterprise, Part 2: The Framework
By Denis Piliptchouk
Denis Piliptchouk continues his series on developing a WS-Security toolkit by developing a general framework to match the needs identified in part one and by starting to map WSSE features to Java objects. Mar. 30, 2005

Using SSL with Non-Blocking IO
By Nuno Santos
Java 1.4 introduced non-blocking IO in the NIO package, but not a means of running SSL over it. That forced developers to choose between security and scalability. In J2SE 5.0, there is now a transport-agnostic SSL API, but it takes some work to understand. Nuno Santos shows how to put the two together. Nov. 3, 2004

Java and Security, Part 2
By Avinash Chugh, Jon Mountjoy
This second and final excerpt from Chapter 17 of WebLogic: The Definitive Guide covers WebLogic's various security providers and their default implementations, along with a look at how to authenticate using JAAS, and examples of Authentication and Identity Assertion Providers. Apr. 21, 2004

Java and Security, Part 1
By Avinash Chugh, Jon Mountjoy
In part one in a two-part series of excerpts from Chapter 17 of WebLogic: The Definitive Guide, authors Avinash Chugh and Jon Mountjoy examine WebLogic's various security mechanisms, beginning with a look at the Java Security Manager and how WebLogic filters connection requests. They also cover WebLogic's authentication and authorization framework and how it supports the standard J2EE security services.  Apr. 14, 2004

Java vs. .NET Security, Part 4
By Denis Piliptchouk
Java and .NET address similar code security issues, but which one offers the best security implementation? Denis Piliptchouk's series concludes with a look at user authentication and permissions, and a final wrap-up. Feb. 25, 2004

Security in Struts: User Delegation Made Possible
By Werner Ramaekers
Struts may not have an all-encompassing security scheme, but what it does offer is extensibility. Werner Ramaekers looks at how to extend Struts' security by allowing one group of users to delegate permissions to others. Feb. 18, 2004

Java vs. .NET Security, Part 3
By Denis Piliptchouk
Java and .NET address similar code security issues, but which one offers the best security implementation? Denis Piliptchouk's series continues with a look at how each platform handles code protection and code access. Jan. 28, 2004

Java vs. .NET Security, Part 2
By Denis Piliptchouk
Java and .NET address similar code security issues, but which offers the best security implementation? Denis Piliptchouk's series continues with a look at cryptography support. Dec. 10, 2003

Java vs. .NET Security, Part 1
By Denis Piliptchouk
Java and .NET address similar code security issues, but which one offers the best security implementation? Denis Piliptchouk's series starts with a side-by-side look at how each performs configuration, code verification, and memory isolation. Nov. 26, 2003

J2EE Form-based Authentication
By Prabu Arumugam
J2EE Web containers support form-based authentication mechanisms, but how do you integrate application-based security with that in other realms? This article explains. Jun. 12, 2002

The Java Platform
By David Flanagan
In this excerpt from O'Reilly & Associates' Java in a Nutshell, 4th Edition, David Flanagan shows you a number of the Java 2SE platform packages, using examples of the most useful classes in these packages. Feb. 27, 2002

Web FORM-Based Authentication
By Dion Almaer
Dion walks you through the various security settings that can be set up in the Web Application framework, going into detail on how you can set up FORM-based authentication. Aug. 6, 2001

Using Tomcat 4 Security Realms
By James Goodwill
In part 4 of his Using Tomcat series, James Goodwill covers Tomcat 4, focusing on security realms using both memory and JDBC realms (with a MySQL database example). Jul. 24, 2001

JSP Security for Limiting Access to Application-Internal URLs
By Jamie Jaworski
Jamie Jaworski covers a technique for designing and building simple JSP applications, which provides some security benefits such as limiting access to application-internal URLs. Jun. 27, 2001

Java Application Security
By Scott Oaks
In this excerpt from Chapter 1 of Java Security, 2nd Edition, Scott Oaks covers Java application security by defining security; bounding the Java security model; and finally debugging Java security in an applet or application. Jun. 4, 2001

Secure Your Sockets with JSSE
By Jamie Jaworski
Jamie Jaworski installs and uses the JSSE to implement HTTPS, provides an example of a mini-HTTPS server, and Java clients that support SSL.  May. 3, 2001

Programmatically Signing JAR Files
By Raffi Krikorian
While in most cases programmatically signing JAR files is frowned upon, there are a few cases when it is necessary. Apr. 12, 2001

Java Plug-in 1.3 and RSA Signed Applets
By Jamie Jaworski
Jamie Jaworski focuses on the latest release of the Java plug-in (v.1.3) and its support for RSA signed applets as well as dynamic trust management.  Mar. 22, 2001


  Resources
Apache XML: Security  Feb. 3, 2002

JAAS Tutorial  May. 11, 2001

Java JDE Allows Unauthorized Commands  Mar. 13, 2001

Java Security Evolution, Part 1  Mar. 13, 2001

Java Security Evolution, Part 2  Mar. 13, 2001


Copyright © 2000-2006 O’Reilly Media, Inc. All Rights Reserved.