secure your GlassFish installation, web applications, EJB applications, application client module, and web services using Java EE and GlassFish security measures /
Masoud Kalali.
Birmingham, U.K. :
Packt Open Source,
2010.
1 online resource (v, 275 pages) :
illustrations (some color)
Cover; Copyright; Credits; About the Author; About the Reviewers; Table of Contents; Preface; Chapter 1: Java EE Security Model; Overview of Java EE architecture; Understanding a typical Java EE application; Accessing protected resource inside a Web module; Deployment descriptors; Understanding Java EE security terms; Defining constraints on resources; Authenticating and authorizing users; Adding authentication to a web application; Authorizing using deployment descriptor; Managing session information; Adding transport security; Using programmatic security in web applications
Using security annotations; Understanding the EJB modules; Securing EJB modules using annotations; Mapping roles to principals and groups; Accessing the security context programmatically; Using EJB interceptors for auditing and security purposes; Enforcing authentication in EJB modules; Understanding the application client module; Declaring security roles in Application level; Summary; Chapter 2: GlassFish Security Realms; Security realms; Authenticating using security realms; Reusing security assets; GlassFish security realms; Administrating security realms; Creating a File realm
Creating the JDBC realm; Using the LDAP realm to secure web applications; Downloading and installing OpenDS 2.2; Creating the LDAP realm; Creating the certificate realm; Public key cryptography; Digital signature; Key stores and trust stores; Managing certificates; Creating the Solaris realm; Developing custom realms; Developing the custom realm; Installing and configuring; Adding a custom authentication method to GlassFish; Summary; Chapter 3: Designing and Developing Secure Java EE Applications; Understanding the sample application; Analyzing sample application business logic
Implementing the Business and Persistence layers; Implementing the Persistence layer; Developing the Presentation layer; Implementing the Conversion GUI; Implementing the Converter servlet; Implementing the authentication frontend; Configuring deployment descriptors; Specifying the security realm; Deploying the application client module in the Application Client Container; Configuring Application Client Container security; Summary; Chapter 4: Securing GlassFish Environment; Securing a host operating system; Defining security at the OS level; Creating the installation directory
Creating the GlassFish user; Logging in as a GlassFish user; Restricting access to the filesystem; Restricting access to network interfaces; Restricting access to ports; Enforcing storage usage limitation; Implementing restrictions in the application server level; Securing the Java Runtime environment from unprivileged access; Implementing the policy manager; Securing the GlassFish using security manager; Alternative container policy providers; Estimating security risks: Auditing; Enabling the default auditing module; Developing custom auditing modules; Summary; Chapter 5: Securing GlassFish
Secure your GlassFish installation, Web applications, EJB applications, Application Client modules, and Web services.