Security is important and Web Applications are designed with this in mind. Understanding the basics of cryptography and how it is implemented via Servlets and JSP rounds out your skill-set even further. Instead of creating a site that anyone can freely visit and use, you are now able to clearly define who can see what and how it can be seen. The ability to provide this security is imperative when building Web Applications that contain content or services of a sensitive nature.
Cryptography is complex, but implementing cryptography in a Web Application is designed to be as simple as possible. The Servlet specification clearly defines an interface by which container vendors can implement any form of security. As a developer, the only thing you need to understand completely is how to configure the Servlet-provided interface. In most cases, this is done via declarative security using web.xml. In cases where a finer granularity of control is required, programmatic security can be implemented.
The specific security implementations covered in this chapter ranged from simple to complex. Both HTTP basic and digest authentication were covered along with a Web Application's method of providing custom forms and error pages. In the realm of complex cryptography the SSL/TLS protocol was introduced along with certificates for creating truly secure communications. While none of the specific algorithms available for use with SSL/TLS were covered, it was shown that the security provided is adequate for ensuring "secure" connections.