From Java EE security to Acegi, The right way to protect your Web applications - By Dr. Xinyu Liu, JavaWorld

Protecting sensitive data and data transportation is a preliminary but critical requirement for application developers. The Internet is a public and insecure infrastructure connecting millions of computers worldwide for data interchange. Any device connected to the Internet faces various types of security threats, such as eavesdropping, masquerading, message tampering, replaying, infiltration, traffic analysis, or denial-of-service. Web applications generally deal with sensitive and valuable data that are assets of the application owners. Security programming, as part of Web development, deserves every effort.

Java EE is an industry-standard programming platform that turns cross-cutting concerns like security and transactions into standard services, freeing developers from muddy infrastructure coding jobs. The security services in Java EE enable developers to build strong and elaborate protections for their applications with minimum effort. Apart from Java EE, Spring is a fantastic and popular open source framework designed on top of the Java EE standard that addresses the missing or problematic pieces from earlier versions of the Java EE specification (1.0-1.4). Spring's features and value, plus the fact that a Spring container can live in a Web server without a heavyweight application container, contribute to its continued dominance in the application framework market. Acegi, designed for Spring, provides flexible, powerful, and comprehensive security beyond what's available in the Java EE standard. This article discusses and compares the two independent security systems from different angles to help developers build strong, efficient, and elegant security solutions for their applications.

In reality, building a secure application is an enterprise-wide concern that can't be accomplished solely through Web developers' efforts. Collaboration with database specialists, network engineers, and Web server administrators is necessary. However, for this article's purposes, I focus the discussion on the Web developer's point of view.

Enterprise security

The purpose of enterprise security is to authenticate users and authorize access to different application functions and associated data. In many corporations, user demographics and security information are stored in a single repository, either an LDAP (Lightweight Directory Access Protocol) directory (perhaps federated) or a relational database, to facilitate single sign-on (SSO). Security in the Java EE 5 specification addresses common and abstract application security concerns, leaving concrete implementations to server vendors. Security solutions using the standard Java EE security services are described as container-managed security (CMS) and are portable across different Java EE platforms. Server vendors usually offer proprietary security extensions for issues not covered by the specification.

