Securing Web Applications
Examples: Securing Web Applications
There are several ways in which you can secure web applications. These include the following
options:
You can define a user authentication method for an application in its deployment
descriptor. Authentication verifies the identity of a user, device, or other entity in a
computer system, usually as a prerequisite to allowing access to resources in that system. When
a user authentication method is specified for an application, the web container activates the
specified authentication mechanism only when a client attempts to access a protected resource;
resources that no security constraint covers are served without a challenge.
The options for user authentication methods are discussed in
. All of the example security applications use a user authentication
method.
You can define a transport guarantee for an application in its deployment descriptor. Use
this option to require that protected resources be accessed only over an SSL-protected session,
so that all message content is protected for integrity (INTEGRAL) or for both confidentiality
and integrity (CONFIDENTIAL). The options for transport guarantees are discussed
in
When running over an SSL-protected session, the server and client can authenticate one
another and negotiate an encryption algorithm and cryptographic keys before the
application protocol transmits or receives its first byte of data. (This chapter uses the name
SSL for the whole protocol family; current servers and browsers negotiate TLS, its successor,
and the original SSL protocol versions are deprecated and should be disabled.)
SSL technology allows web browsers and web servers to communicate over a secure
connection. On this connection the sender, whether browser or server, encrypts the data
before transmitting it, and the receiver decrypts it upon receipt and before processing.
For more information, see
Digital certificates are necessary when running HTTP over SSL (HTTPS). The HTTPS
service of most web servers will not run unless a digital certificate has been installed. A
digital certificate has already been created for the Application Server. It is self-signed, so
browsers will warn about it; it is suitable for development and testing only, and a production
server needs a certificate issued by a certificate authority that its clients trust.
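As an added example, not one of this chapter's example applications, the following web.xml fragment applies both options described above to a hypothetical application: everything under /secure/* requires the role user, may be reached only over a CONFIDENTIAL transport, and is authenticated with HTTP Basic against a realm named file. The URL pattern, role name, realm name, and descriptor version are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example deployment descriptor (not from the tutorial's examples).
     URL pattern, role name, realm name and version are assumptions. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">

  <display-name>secure-example</display-name>

  <!-- Declarative security: which resources are protected, by which role,
       and with which transport guarantee. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
      <!-- No <http-method> elements: the constraint covers every HTTP method.
           Listing only GET and POST would leave the others (HEAD, PUT, DELETE,
           ...) unconstrained for these URLs. -->
    </web-resource-collection>
    <auth-constraint>
      <!-- Only authenticated callers in this role may reach the resources.
           An empty <auth-constraint/> would deny everyone instead. -->
      <role-name>user</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- CONFIDENTIAL requires encryption; the container typically redirects
           a plain HTTP request for these URLs to the HTTPS port.
           NONE would let BASIC credentials travel as Base64 cleartext. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- User authentication method: the container sends an HTTP Basic challenge
       when an unauthenticated request hits a protected resource. Only one
       <login-config> is allowed per web application. -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>file</realm-name>
  </login-config>

  <!-- Every role named in an <auth-constraint> must be declared here and
       mapped to users or groups at deployment time. -->
  <security-role>
    <role-name>user</role-name>
  </security-role>

</web-app>
```

If the application uses FORM authentication instead, replace the auth-method with FORM and add a form-login-config naming the login and error pages; the login page itself should then also fall under a CONFIDENTIAL constraint, since the credentials posted from it are otherwise sent in cleartext even though the resource behind it is protected.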
The following examples use annotations, programmatic security, and/or declarative security to
demonstrate adding security to existing web applications:
The following examples demonstrate adding basic authentication to an EJB endpoint or
enterprise bean:
Chapter 30 · Securing Web Applications