In this chapter, we saw how we can use server-side policy files to protect against badly-written or malevolent code. Such policy files are especially important when third-party code is hosted on a server.
We covered SSL, and the technologies that make it possible, including shared secret encryption and public key encryption. We saw how easy it is to configure SSL on both the server and the client side - we configured Tomcat to use SSL and created and imported a certificate into Internet Explorer.
We also explored both declarative and programmatic security. Tomcat 4 provides a highly customizable declarative security implementation, and includes support for container-managed security. Through the use of realms, Tomcat fulfills its authentication and security requirements without becoming platform dependent. Single sign-on with Tomcat demonstrated how we can make a system significantly more user-friendly by avoiding several tedious authentications when a service spans web applications.
Although as much security as possible should be declarative in nature, there are times when we need to define security programmatically. So, we took a quick look at programmatic security to see how it can be used to implement an application's security model.
In the next chapter we're going to turn our attention to how we can effectively debug servlets.
A
addPropertyChangeListener() method
Apache Tomcat see Tomcat
asymmetric keys
attributes
<auth-constraint> sub-element
authenticate() method
authentication
<auth-method> sub-element

B
BASIC authentication
business security logic, 16

C
catalina.policy, Tomcat policy file, 2
certification
Certification Authorities
cipher suite
CLIENT-CERT authentication
container configuration
container managed security, 19
<Context> element

D
data encryption see encryption, SSL
data integrity
declarative security, 21
DIGEST authentication
digested passwords
digital certificates, SSL
digital signatures, SSL, 7
<display-name> sub-element

E
elements
encryption, SSL, 6
<Engine> element

F
FORM-based authentication
<form-error-page> element
<form-login-config> sub-element
<form-login-page> element

G
getContainer() method
getInfo() method
getRemoteUser() method
getUserPrincipal() method
grant statements

H
handshaking
hasRole() method
<Host> element
<http-method> element
HttpServletRequest interface

I
interfaces
isUserInRole() method

J
Java 2 security model, 1
Java Key Store
java.io.FilePermission, policy files
java.lang.RuntimePermission, policy files
java.net.SocketPermission, policy files
java.security.AllPermission, policy files
java.util.PropertyPermission, policy files
JDBCRealm
JDK: keytool
JNDIRealm implementation
job functions see roles
JSSE (Java Secure Socket Extension)

K
keystore

L
localhost, SSL
<login-config> element

M
MD5 algorithm
MemoryRealm
methods
multiple authentication requests

N
NetAccessServlet

O
org.apache.catalina.Realm interface
org.apache.catalina.realm.MemoryRealm

P
passwords
policy files, Java 2 security model, 1
privacy
programmatic security
public key encryption, SSL, 6
public key validation

R
<Realm> element, JDBCRealm
<realm-name> sub-element
realms
references to web sites
removePropertyChangeListener() method
responsibilities see roles
<role-name> element
roles

S
scope
security
security permissions
<security-constraint> element
server authentication, SSL, 9
server side policy files see policy files, Java 2
server.xml file
servlet 2.3 specification
servlet container
setContainer() method
shared secret encryption, SSL, 6
single sign-on
SSL (Secure Sockets Layer), 5
sub-elements

T
Thawte, certification authority
Tomcat
<tomcat-users> element
transitive trust, SSL
<transport-guarantee> element

U
<url-pattern> element
<user-data-constraint> sub-element
userInRole() method

V
VeriSign, certification authority

W
web sites see references to web sites
<web-resource-collection> sub-element