Copyright
Foreword
Preface
About the Authors
Part I: Enterprise Security and Java
  Chapter 1. An Overview of Java Technology and Security
    Section 1.1. Why Java Technology for Enterprise Applications?
    Section 1.2. Enterprise Java Technology
    Section 1.3. Java Technology as Part of Security
    Section 1.4. An Overview of Enterprise Security Integration
    Section 1.5. Time to Market
  Chapter 2. Enterprise Network Security and Java Technology
    Section 2.1. Networked Architectures
    Section 2.2. Network Security
    Section 2.3. Server-Side Java Technology
    Section 2.4. Java and Firewalls
    Section 2.5. Summary
Part II: Enterprise Java Components Security
  Chapter 3. Enterprise Java Security Fundamentals
    Section 3.1. Enterprise Systems
    Section 3.2. J2EE Applications
    Section 3.3. Secure Interoperability between ORBs
    Section 3.4. Connectors
    Section 3.5. JMS
    Section 3.6. Simple E-Business Request Flow
    Section 3.7. J2EE Platform Roles
    Section 3.8. J2EE Security Roles
    Section 3.9. Declarative Security Policies
    Section 3.10. Programmatic Security
    Section 3.11. Secure Communication within a WAS Environment
    Section 3.12. Secure E-Business Request Flow
  Chapter 4. Servlet and JSP Security
    Section 4.1. Introduction
    Section 4.2. Advantages of Servlets
    Section 4.3. Servlet Life Cycle
    Section 4.4. The Deployment Descriptor of a Web Module
    Section 4.5. Authentication
    Section 4.6. Authorization
    Section 4.7. Principal Delegation
    Section 4.8. Programmatic Security
    Section 4.9. Runtime Restrictions for Web Components
    Section 4.10. Usage Patterns
    Section 4.11. Partitioning Web Applications
  Chapter 5. EJB Security
    Section 5.1. Introduction
    Section 5.2. EJB Roles and Security
    Section 5.3. Authentication
    Section 5.4. Authorization
    Section 5.5. Delegation
    Section 5.6. Security Considerations
  Chapter 6. Enterprise Java Security Deployment Scenarios
    Section 6.1. Planning a Secure-Component System
    Section 6.2. Deployment Topologies
    Section 6.3. Secure Communication Channel
    Section 6.4. Security Considerations
Part III: The Foundations of Java 2 Security
  Chapter 7. J2SE Security Fundamentals
    Section 7.1. Access to Classes, Interfaces, Fields, and Methods
    Section 7.2. Class Loaders
    Section 7.3. The Class File Verifier
    Section 7.4. The Security Manager
    Section 7.5. Interdependence of the Three Java Security Legs
    Section 7.6. Summary
  Chapter 8. The Java 2 Permission Model
    Section 8.1. Overview of the Java 2 Access-Control Model
    Section 8.2. Java Permissions
    Section 8.3. Java Security Policy
    Section 8.4. The Concept of CodeSource
    Section 8.5. ProtectionDomains
    Section 8.6. The Basic Java 2 Access-Control Model
    Section 8.7. Privileged Java 2 Code
    Section 8.8. ProtectionDomain Inheritance
    Section 8.9. Performance Issues in the Java 2 Access-Control Model
    Section 8.10. Summary
  Chapter 9. Authentication and Authorization with JAAS
    Section 9.1. Overview of JAAS and JAAS Terminology
    Section 9.2. Authentication
    Section 9.3. Authorization Overview
    Section 9.4. JAAS and J2EE
    Section 9.5. Additional Support for Pluggable Authentication
Part IV: Enterprise Java and Cryptography
  Chapter 10. The Theory of Cryptography
    Section 10.1. The Purpose of Cryptography
    Section 10.2. Secret-Key Cryptography
    Section 10.3. Public-Key Cryptography
  Chapter 11. The Java 2 Platform and Cryptography
    Section 11.1. The JCA and JCE Frameworks
    Section 11.2. The JCA API
    Section 11.3. The JCE API
    Section 11.4. JCE in Practice
    Section 11.5. Security Considerations
  Chapter 12. PKCS and S/MIME in J2EE
    Section 12.1. PKCS Overview
    Section 12.2. S/MIME Overview
    Section 12.3. Signing and Verifying Transactions with PKCS and S/MIME
    Section 12.4. Encrypting Transactions with PKCS and S/MIME
    Section 12.5. Security Considerations
    Section 12.6. Future Directions
  Chapter 13. The SSL and TLS Protocols in a J2EE Environment
    Section 13.1. The SSL and TLS Protocols
    Section 13.2. HTTPS
    Section 13.3. Using the SSL Support Built into J2EE Products
    Section 13.4. Using SSL from within J2EE Programs
    Section 13.5. Examples
    Section 13.6. Summary
Part V: Advanced Topics
  Chapter 14. Enterprise Security for Web Services
    Section 14.1. XML
    Section 14.2. SOAP
    Section 14.3. WSDL
    Section 14.4. Security for Web Services: Motivations
    Section 14.5. Security Technologies
    Section 14.6. Web Services Security Model Principles
    Section 14.7. Application Patterns
    Section 14.8. Use Scenario
    Section 14.9. Web Services Provider Security
    Section 14.10. Security Considerations
    Section 14.11. Futures
  Chapter 15. Security Considerations for Container Providers
    Section 15.1. Understanding the Environment
    Section 15.2. Authentication
    Section 15.3. Authorization
    Section 15.4. Secure Communication
    Section 15.5. Secure Association
    Section 15.6. Access to System Resources
    Section 15.7. Mapping Identities at Connector Boundaries
  Chapter 16. Epilogue
Part VI: Appendixes
  Appendix A. Security of Distributed Object Architectures
    Section A.1. RMI
    Section A.2. Stubs and Skeletons
    Section A.3. RMI Registry
    Section A.4. The Security of RMI
  Appendix B. X.509 Digital Certificates
    Section B.1. X.509 Certificate Versions
  Appendix C. Technical Acronyms Used in This Book
    A
    B
    C
    D
    E
    F
    G
    H
    I
    J
    K
    L
    M
    N
    O
    P
    Q
    R
    S
    T
    U
    V
    W
    X
  Appendix D. Sources Used in This Book