RESTful Java Web Services Security


  • Learn how to use, configure, and set up tools for applications that use RESTful web services to prevent misuse of resources
  • Get to know and fix the most common vulnerabilities of RESTful web services APIs
  • A step-by-step guide portraying the importance of securing a RESTful web service with simple examples applied to real-world scenarios

Book Details

Language : English
Paperback : 144 pages [ 235mm x 191mm ]
Release Date : July 2014
ISBN : 1783980109
ISBN 13 : 9781783980109
Author(s) : René Enríquez, Andrés Salazar C.
Topics and Technologies : All Books, Open Source, Web Development


Table of Contents

Preface
Chapter 1: Setting Up the Environment
Chapter 2: The Importance of Securing Web Services
Chapter 3: Security Management with RESTEasy
Chapter 4: RESTEasy Skeleton Key
Chapter 5: Digital Signatures and Encryption of Messages
Index
  • Chapter 2: The Importance of Securing Web Services
    • The importance of security
    • Security management options
      • Authorization and authentication
        • Authentication
        • Authorization
      • Access control
        • Transport layer security
      • Basic authentication by providing user credentials
      • Digest access authentication
        • An example with explanation
      • Authentication through certificates
    • API keys
    • Summary
  • Chapter 3: Security Management with RESTEasy
    • Fine-grained and coarse-grained security
      • Securing HTTP methods
        • HTTP method – POST
        • HTTP method – GET
      • Fine-grained security implementation through annotations
        • The @RolesAllowed annotation
        • The @DenyAll annotation
        • The @PermitAll annotation
      • Programmatical implementation of fine-grained security
    • Summary
  • Chapter 4: RESTEasy Skeleton Key
    • OAuth protocol
    • OAuth and RESTEasy Skeleton Key
      • What is RESTEasy Skeleton Key?
      • OAuth 2.0 authentication framework
        • Main features
      • OAuth2 implementation
        • Updating RESTEasy modules in JBoss
        • Setting up the configuration in JBoss
        • Implementing an OAuth client
    • SSO configuration for security management
    • OAuth token via Basic Auth
      • Running the application
    • Custom filters
      • Server-side filters
      • Client-side filters
      • Example usage of filters
    • Summary
  • Chapter 5: Digital Signatures and Encryption of Messages
    • Digital signatures
      • Updating RESTEasy JAR files
      • Applying digital signatures
      • Testing the functionality
      • Validating signatures with annotations
    • Message body encryption
      • Testing the functionality
      • Enabling the server with HTTPS
        • Testing the functionality
    • Summary

René Enríquez

René Enríquez is currently a software architect for a multinational company headquartered in India. He has previously worked on many projects related to security implementation using frameworks such as JAAS and Spring Security to integrate many platforms based on the Web, BPM, CMS, and web services for government and private sector companies. He is a technology and innovation enthusiast, and he is currently working with several programming languages. He has achieved the following certifications:

  • Oracle Certified Professional, Java SE 6 Programmer
  • Microsoft Technology Associate
  • Cisco Network Operating Systems

Over the past few years, he has worked as a software consultant on various projects for private and government companies and as an instructor of courses to build enterprise and mobile applications. He is also an evangelist of best practices for application development and integration.


Andrés Salazar C.

Andrés Salazar C. is currently working at one of the most prestigious government companies in Ecuador, performing tasks related to software development and security implementation based on JAAS and digital signatures for secure applications. He also has extensive knowledge of OAuth implementation on web projects. He is a technology and Agile enthusiast, and he has worked on several projects using the JEE technology and TDD. He has achieved the following certifications:

  • Oracle Certified Professional, Java SE 6 Programmer
  • Certified Scrum Developer

What you will learn from this book

  • Set up, implement, and personalize your development and test environment
  • Learn, understand, and assimilate concepts inherent to security management on RESTful applications and the importance of these concepts
  • Implement and test security on your applications that use RESTful web services with the most useful techniques and interpret the test results
  • Apply and configure secure protocols on your application
  • Implement, configure, and integrate other technologies such as OAuth or SSO with RESTful applications
  • Learn and assimilate security concepts at JEE application and container level
  • Understand digital signatures and message encryption through descriptive examples

In Detail

This book will serve as a practical companion for you to learn about common vulnerabilities when using RESTful services, and will provide you with an indispensable knowledge of the tools you can use to implement and test security on your applications. It will cover the fine details of setting up RESTful services such as implementing RESTEasy and securing transmission protocols such as the OAuth protocol and its integration with RESTEasy. Furthermore, it also explains the implementation of digital signatures and the integration of the Doseta framework with RESTEasy.

With this book, you will be able to design your own security implementation or use a protocol to grant permissions over your RESTful applications with OAuth. You will also gain knowledge about the working of other features such as configuring and verifying HTTP and HTTPS protocols, certificates, and securing protocols for data transmission. By the end of this book, you will have comprehensive knowledge that will help you to detect and solve vulnerabilities.

Approach

A sequential, easy-to-follow guide that helps you understand the concepts related to securing web apps and services quickly and efficiently. Each topic is explained step by step with the help of an example, so you can easily implement the examples in your own projects.

Who this book is for

This book is intended for web application developers who use RESTful web services to power their websites. Prior knowledge of RESTful web services is not mandatory, but would be advisable.
