Chapter 25

Getting Started Securing Web Applications

A web application is an application that is accessed using a web browser over a network such as the Internet or a company's intranet. As discussed in Chapter 24, Getting Started Securing Enterprise Applications, the Java EE platform uses a distributed multitiered application model; as described in Distributed Multitiered Applications, web applications run in the web tier.

Web applications contain resources that can be accessed by many users. These resources often traverse unprotected, open networks, such as the Internet. In such an environment, a substantial number of web applications will require some type of security. The ways to implement security for Java EE web applications are discussed in a general way in Securing Containers. This chapter provides more detail and a few examples that explore these security services as they relate to web components.

There are two types of web applications, and both can be secured using the same security model:

  • Presentation-oriented: A presentation-oriented web application generates interactive web pages containing various types of markup language such as HTML, XHTML, and XML, and generates dynamic content in response to requests. The technologies that are discussed in this chapter and that are considered presentation-oriented web applications include Java Servlets and JavaServer Faces technology. You can read more about web applications in Chapter 3, Getting Started with Web Applications.

  • Service-oriented: A service-oriented web application implements the endpoint of a web service. Presentation-oriented applications are often clients of service-oriented web applications. The technologies that are discussed in this chapter and that are considered service-oriented web applications include the Java API for XML-Based Web Services (JAX-WS) and the Java API for RESTful Web Services (JAX-RS). You can read more about web services in Chapter 11, Introduction to Web Services.

Securing applications and their clients in the business tier and the EIS tier is discussed in Chapter 24, Getting Started Securing Enterprise Applications.

The following topics are included in this chapter: