From Java EE security to Acegi

From Java EE security to Acegi, The right way to protect your Web applications - By Dr. Xinyu Liu, JavaWorld

Protecting sensitive data and its transport is a preliminary but critical requirement for application developers. The Internet is a public and insecure infrastructure connecting millions of computers worldwide for data interchange. Any device connected to the Internet faces various types of security threats, such as eavesdropping, masquerading, message tampering, replay, infiltration, traffic analysis, or denial of service. Web applications generally deal with sensitive and valuable data that are assets of the application owners. Security programming, as part of Web development, deserves every effort.

Java EE is an industry-standard programming platform that turns cross-cutting concerns like security and transactions into standard services, freeing developers from muddy infrastructure coding jobs. The security services in Java EE enable developers to build strong and elaborate protections for their applications with minimum effort. Apart from Java EE, Spring is a fantastic and popular open source framework designed on top of the Java EE standard that addresses the missing or problematic pieces from earlier versions of the Java EE specification (1.0-1.4). Spring's features and value, plus the fact that a Spring container can live in a Web server without a heavyweight application container, contribute to its continued dominance in the application framework market. Acegi, designed for Spring, provides flexible, powerful, and comprehensive security beyond what's available in the Java EE standard. This article discusses and compares the two independent security systems from different angles to help developers build strong, efficient, and elegant security solutions for their applications.

In reality, building a secure application is an enterprise-wide concern that can't be accomplished solely through Web developers' efforts. Collaboration from database specialists, network engineers, and Web server administrators is necessary. However, for this article's purposes, I focus the discussion on the Web developer's point of view.

Enterprise security

The purpose of enterprise security is to authenticate users and authorize access to different application functions and associated data. In many corporations, user demographics and security information are stored in a single repository, either an LDAP (Lightweight Directory Access Protocol) directory, perhaps federated, or a relational database, to facilitate single sign-on (SSO). Security in the Java EE 5 specification addresses common and abstract application security concerns and leaves concrete implementations to server vendors. Security solutions built on the standard Java EE security services are described as container-managed security (CMS) and are portable across different Java EE platforms. Server vendors usually offer proprietary security extensions for issues not covered by the specification.

