|Also available on:|
- Secure your GlassFish installation and J2EE applications
- Develop secure Java EE applications including Web, EJB, and Application Client modules
- Secure web services using GlassFish and OpenSSO web service security features
- Support SSL in GlassFish including Mutual Authentication and Certificate Realm with this practical guide
Book DetailsLanguage : English
Paperback : 296 pages [ 235mm x 191mm ]
Release Date : May 2010
ISBN : 1847199380
ISBN 13 : 9781847199386
Author(s) : Masoud Kalali
Topics and Technologies : All Books, Security and Testing, Java, Open Source, Web Services
Table of Contents
Chapter 1: Java EE Security Model
Chapter 2: GlassFish Security Realms
Chapter 3: Designing and Developing Secure Java EE Applications
Chapter 4: Securing GlassFish Environment
Chapter 5: Securing GlassFish
Chapter 6: Introducing OpenDS: Open Source Directory Service
Chapter 7: OpenSSO, the Single sign-on Solution
Chapter 8: Securing Java EE Applications using OpenSSO
Chapter 9: Securing Web Services by OpenSSO
The book is efficient, has a clean layout and contains a logical progression of current JAVA EE and GlassFish Specific security topics. If you are developing Java EE 6 applications that reside in the GlassFish application server, “GlassFish Security” should be included in your project reference material. Keep up the good work Packt!
Download the code and support files for this book.
Please let us know if you have found any errors not listed on this list by completing our errata submission form. Our editors will check them and add them to this list. Thank you.
Errata- 5 submitted: last submission 09 Aug 2012
Errata type: Graphics | Page number: 52 | Errata date: 02/02/2012
In the additional properties table, the entry for Digest Algorithm should be the word none instead of being empty.
Errata type: Code | Page number: 50 | Errata date:
insert into groups values('jack',manager);
insert into groups values('jack','manager');
Errata type: Code | Page number: 237 | Errata date: 06/29/2010
Method(operationName = "stringEcho")
Method(operationName = "@WebMethod")
Errata type: Typo | Page number: 22 | Errata date: 07/03/2010
Here is a example snippet to add encryption support for a set of resources:
Here is an example snippet to add encryption support for a set of resources:
Errata type: Technical | Page number: 104 | Errata date: 13 July 10
Install GlassFish in/opt/app-server and revoke all access permissions to this directory from groups who we do not want to allow to access the resource.
Install GlassFish in /opt/app-server and revoke all access permissions to this directory from groups who we do not want to allow to access the resource.
What you will learn from this book
- Develop secure Java EE applications including Web, EJB, and Application client modules.
- Reuse the security assets you have by learning GlassFish security realms in great details along with the sample for each realm.
- Secure GlassFish installation including operating system security and JVM policy configuration.
- Secure Java EE applications using OpenSSO and set up Single Sign-On (SSO) between multiple applications.
- Secure web services using Java EE built-in features, OpenSSO and WS-Security.
- Secure network listeners and passwords using GlassFish provided facilities.
- Learn using OpenSSO services, SDKs, and agents to secure Java EE enterprise applications including Web Services.
- Learn using OpenDS both as administrator and as an LDAP solution developer.
- All command lines and more than 90% of the book content applies for both GlassFish 3.x and 2.x.
Security was, is, and will be one of the most important aspects of Enterprise Applications and one of the most challenging areas for architects, developers, and administrators. It is mandatory for Java EE application developers to secure their enterprise applications using Glassfish security features.
Learn to secure Java EE artifacts (like Servlets and EJB methods), configure and use GlassFish JAAS modules, and establish environment and network security using this practical guide filled with examples. One of the things you will love about this book is that it covers the advantages of protecting application servers and web service providers using OpenSSO.
The book starts by introducing Java EE security in Web, EJB, and Application Client modules. Then it introduces the Security Realms provided in GlassFish, which developers and administrators can use to complete the authentication and authorization setup. In the next step, we develop a completely secure Java EE application with Web, EJB, and Application Client modules.
The next part includes a detailed and practical guide to setting up, configuring, and extending GlassFish security. This part covers everything an administrator needs to know about GlassFish security, starting from installation and operating environment security, listeners and password security, through policy enforcement, to auditing and developing new auditing modules.
Before starting the third major part of the book, we have a chapter on OpenDS discussing how to install, and administrate OpenDS. The chapter covers importing and exporting data, setting up replications, backup and recovery and finally developing LDAP based solutions using OpenDS and Java.
Finally the third part starts by introducing OpenSSO and continues with guiding you through OpenSSO features, installation, configuration and how you can use it to secure Java EE applications in general and web services in particular. Identity Federation and SSO are discussed in the last chapter of the book along with a working sample.
Inspired from real development cases, this practical guide shows you how to secure a GlassFish installation and how to develop applications with secure authentication based on GlassFish, Java EE, and OpenSSO capabilities.
Security is driven by requirement and design and we implement security on the basis of the requirements provided by analysts. In this book, we take a programmatic approach to understand Java EE and GlassFish security.
You will find plenty of code samples in this book. It is easy to secure your application when you have a demonstration of a complete and working application explained in the book, isn't it? Each chapter starts with the importance and relevance of the topic by introducing some Java EE applications requirement, which will encourage you to read it further.
Who this book is for
This book is for application designers, developers and administrators who work with GlassFish and are keen to understand Java EE and GlassFish security.
To take full advantage of this book, you need to be familiar with Java EE and GlassFish application servers. You will love this book if you are looking for a book that covers Java EE security and using GlassFish features to create secure Java EE applications, or to secure the GlassFish installation and operating environment and using OpenSSO.