2. Using the Tutorial Examples
3. Getting Started with Web Applications
5. JavaServer Pages Technology
7. JavaServer Pages Standard Tag Library
10. JavaServer Faces Technology
11. Using JavaServer Faces Technology in JSP Pages
12. Developing with JavaServer Faces Technology
13. Creating Custom UI Components
14. Configuring JavaServer Faces Applications
15. Internationalizing and Localizing Web Applications
16. Building Web Services with JAX-WS
17. Binding between XML Schema and Java Classes
19. SOAP with Attachments API for Java
21. Getting Started with Enterprise Beans
23. A Message-Driven Bean Example
24. Introduction to the Java Persistence API
25. Persistence in the Web Tier
26. Persistence in the EJB Tier
27. The Java Persistence Query Language
Step 2: Initial Authentication
Step 4: Fulfilling the Original Request
Step 5: Invoking Enterprise Bean Business Methods
Characteristics of Application Security
Security Implementation Mechanisms
Java SE Security Implementation Mechanisms
Java EE Security Implementation Mechanisms
Using Deployment Descriptors for Declarative Security
Securing the Application Server
Working with Realms, Users, Groups, and Roles
What Are Realms, Users, Groups, and Roles?
Managing Users and Groups on the Application Server
Adding Users to the Application Server
Adding Users to the Certificate Realm
Mapping Roles to Users and Groups
Establishing a Secure Connection Using SSL
Installing and Configuring SSL Support
Specifying a Secure Connection in Your Application Deployment Descriptor
Working with Digital Certificates
Using a Different Server Certificate with the Application Server
Miscellaneous Commands for Certificates
Enabling Mutual Authentication over SSL
Creating a Client Certificate for Mutual Authentication
Further Information about Security
29. Securing Java EE Applications
31. The Java Message Service API
32. Java EE Examples Using the JMS API
36. The Coffee Break Application
Chapter 28
Introduction to Security in the Java EE Platform
This and subsequent chapters discuss how to address security requirements in Java EE,web, and web services applications. Every enterprise that has sensitive resources that canbe accessed by many users, or resources that traverse unprotected, open, networks, suchas the Internet, needs to be protected.
This chapter introduces basic security concepts and security implementation mechanisms. More information onthese concepts and mechanisms can be found in theSecurity chapter of theJava EE 5 specification. This document is available for download online athttp://www.jcp.org/en/jsr/detail?id=244.
Other chapters in this tutorial that address security requirements include the following:
Chapter 29, Securing Java EE Applications discusses adding security to Java EE components such as enterprise beans and application clients.
Chapter 30, Securing Web Applications discusses and provides examples for adding security to web components such as servlets and JSP pages.
Some of the material in this chapter assumes that you understand basic securityconcepts. To learn more about these concepts, you should explore the Java SEsecurity web site before you begin this chapter. The URL for this siteishttp://download.oracle.com/javase/6/docs/technotes/guides/security/.
This tutorial assumes deployment onto the Application Server and provides some information regardingconfiguration of the Application Server. See the Application Server documentation set athttp://docs.sun.com/coll/1343.4for more information.
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.Legal Notices