
Table of Contents - J2EE Security for Servlets, EJBs and Web Services: Applying Theory and Standards to Practice


  
J2EE Security for Servlets, EJBs and Web Services: Applying Theory and Standards to Practice
By Pankaj Kumar
 
Publisher: Prentice Hall PTR
Pub Date: September 04, 2003
ISBN: 0-13-140264-1
Pages: 464


   Copyright
   Praise for J2EE Security for Servlets, EJBs and Web Services
   Hewlett-Packard® Professional Books
   Preface
      J2SE, J2EE and Application Security
      Scope of the Book
      Who Should Read this Book
      Organization of the Book
      Typographic Conventions Used in This Book
      JSTK (Java Security Tool Kit)
      Software Used For JSTK
    Part 1:  The Background
        Chapter 1.  A Security Primer
      The Security Problem
      Computers, Networks and the Internet
      Security Concepts
      Security Attacks
      System Vulnerabilities
      Toward the Solution
      Summary
      Further Reading
        Chapter 2.  A Quick Tour of the Java Platform
      Packaging of Java Platform
      Evolution of Java
      Java Security Model
      J2SE Platform
      J2EE Platform
      Summary
      Further Reading
    Part 2:  The Technology
        Chapter 3.  Cryptography with Java
      Example Programs and crypttool
      Cryptographic Services and Providers
      Cryptographic Keys
      Encryption and Decryption
      Message Digest
      Message Authentication Code
      Digital Signature
      Key Agreement
      Summary of Cryptographic Operations
      Cryptography with crypttool
      Limited versus Unlimited Cryptography
      Performance of Cryptographic Operations
      Practical Applications
      Legal Issues with Cryptography
      Summary
      Further Reading
        Chapter 4.  PKI with Java
      Digital Certificates
      Managing Certificates
      Certification Authority
      PKI Architectures
      Java API for PKI
      Applications of PKI
      PKI Use-Cases
      Summary
      Further Reading
        Chapter 5.  Access Control
      A Quick Tour of Java Access Control Features
      Access Control Requirements for the Java Platform
      User Identification and Authentication
      Policy-Based Authorization
      Developing a Login Module
      Applying JAAS to a Sample Application
      Performance Issues
      Summary
      Further Reading
        Chapter 6.  Securing the Wire
      Brief Overview of SSL
      Java API for SSL
      KeyManager and TrustManager APIs
      Understanding SSL Protocol
      HTTP over SSL
      RMI Over SSL
      Performance Issues
      Trouble Shooting
      Summary
      Further Reading
        Chapter 7.  Securing the Message
      Message Security Standards
      A Brief Note on Handling XML
      XML Signature
      Java API for XML Signature
      XML Encryption
      Java API for XML Encryption
      XML Signature and Encryption Combinations
      Summary
      Further Reading
    Part 3:  The Application
        Chapter 8.  RMI Security
      Sample Application Using RMI
      Security from Downloaded Code
      SSL for Transport Security
      RMI and Access Control
      Summary
      Further Reading
        Chapter 9.  Web Application Security
      Java Web Applications
      Apache Tomcat
      A Simple Web Application: RMB
      Security Requirements
      User Authentication Schemes
      Web Container Security Features
      HTTPS with Apache Tomcat
      Common Vulnerabilities
      Summary
      Further Reading
        Chapter 10.  EJB Security
      A Brief Overview of EJBs
      Working with WebLogic Server 7.0
      EJB Security Mechanisms
      Declarative Security for EJBs
      Declarative Security Example
      EJB Security and J2SE Access Control
      Summary
      Further Reading
        Chapter 11.  Web Service Security
      Web Services Standards
      Web Services in Java
      Apache Axis
      Servlet Security for Web Services
      SSL Security for Web Services
      WS Security
      WS Security with Apache Axis
      Summary
      Further Reading
        Chapter 12.  Conclusions
      Technology Stack
      Authentication and Authorization
      Distributed Application Security
      Comprehensive Security
        Appendix A.  Public Key Cryptography Standards
        Appendix B.  Standard Names—Java Cryptographic Services
        Appendix C.  JSTK Tools
      crypttool
      certtool
      sslsetup
      ssltool
      asn1parse – Parser for DER or PEM encoded content
        Appendix D.  Example Programs
        Appendix E.  Products Used For Examples
      Java 2 Platform, Standard Edition
      Apache Tomcat
      Apache Axis
      BEA WebLogic Server
      VeriSign's Trust Services Integration Kit (TSIK)
      Infomosaic's Secure XML
        Appendix F.  Standardization Bodies
      Internet Engineering Task Force (IETF)
      The World Wide Web Consortium (W3C)
      OASIS
      JCP (Java Community Process)
      References
   Index