Introduction to Security in the Java EE Platform - The Java EE 6 Tutorial, Volume I

Document Information

Part I Introduction

2. Using the Tutorial Examples

Part II The Web Tier

3. Getting Started with Web Applications

4. Java Servlet Technology

5. JavaServer Faces Technology

6. Introduction to Facelets

7. Using JavaServer Faces Technology in Web Pages

8. Developing with JavaServer Faces Technology

9. Configuring JavaServer Faces Applications

Part III Web Services

10. Introduction to Web Services

11. Building Web Services with JAX-WS

12. Building RESTful Web Services with JAX-RS and Jersey

Part IV Enterprise Beans

13. Enterprise Beans

14. Getting Started with Enterprise Beans

15. Running the Enterprise Bean Examples

Part V Persistence

16. Introduction to the Java Persistence API

17. Running the Persistence Examples

18. The Java Persistence Query Language

Part VI Security

19. Introduction to Security in the Java EE Platform

Overview of Java EE Security

A Simple Security Example

Step 1: Initial Request

Step 2: Initial Authentication

Step 3: URL Authorization

Step 4: Fulfilling the Original Request

Step 5: Invoking Enterprise Bean Business Methods

Security Functions

Characteristics of Application Security

Security Implementation Mechanisms

Java SE Security Implementation Mechanisms

Java EE Security Implementation Mechanisms

Application-Layer Security

Transport-Layer Security

Message-Layer Security

Securing Containers

Using Deployment Descriptors for Declarative Security

Using Annotations

Using Programmatic Security

Securing the Enterprise Server

Working with Realms, Users, Groups, and Roles

What Are Realms, Users, Groups, and Roles?

What Is a Realm?

What Is a User?

What Is a Group?

What Is a Role?

Some Other Terminology

Managing Users and Groups on the Enterprise Server

Adding Users to the Enterprise Server

Adding Users to the Certificate Realm

Setting Up Security Roles

Mapping Roles to Users and Groups

Establishing a Secure Connection Using SSL

Installing and Configuring SSL Support

Specifying a Secure Connection in Your Application Deployment Descriptor

Verifying SSL Support

Tips on Running SSL

Working with Digital Certificates

Creating a Server Certificate

Miscellaneous Commands for Certificates

Further Information about Security

20. Using Java EE Security

21. Securing Java EE Applications

22. Securing Web Applications

Part VII Java EE Supporting Technologies

23. Introduction to Java EE Supporting Technologies

24. Transactions

25. Resource Connections

Chapter 19

Introduction to Security in the Java EE Platform

This and subsequent chapters discuss how to address security requirements in Java EE, web, and web services applications. Every enterprise that has sensitive resources that can be accessed by many users, or resources that traverse unprotected, open, networks, such as the Internet, needs to be protected.

This chapter introduces basic security concepts and security implementation mechanisms. More information on these concepts and mechanisms can be found in the Security chapter of the Java EE 6 specification. This document is available for download online at http://www.jcp.org/en/jsr/detail?id=316.

Other chapters in this tutorial that address security requirements include the following:

Chapter 21, Securing Java EE Applications discusses adding security to Java EE components such as enterprise beans and application clients.
Chapter 22, Securing Web Applications discusses and provides examples for adding security to web components such as servlets and JSP pages.

Some of the material in this chapter assumes that you understand basic security concepts. To learn more about these concepts, you should explore the Java SE security web site before you begin this chapter. The URL for this site is http://java.sun.com/javase/6/docs/technotes/guides/security/.

This tutorial assumes deployment onto the Sun GlassFishEnterprise Server v3 and provides some information regarding configuration of the Enterprise Server. The best source for information regarding configuration of the Enterprise Server, however, is the Sun GlassFish Enterprise Server v3 Administration Guide. The best source for development tips specific to the Enterprise Server is the Sun GlassFish Enterprise Server v3 Preview Application Development Guide. The best source for tips on deploying applications to the Enterprise Server is the Sun GlassFish Enterprise Server v3 Preview Application Deployment Guide.

The material in The Java EE 6 Tutorial, Volume I is copyright-protected and may not be published in other works without express written permission from Sun Microsystems.