Submitted by heartin on Sat, 04/18/2015 - 09:36
Data integrity is the process of verifying if data is transmitted without corruption or modification, thus making sure that the data received at the receiver end is in fact the same message sent by the sender. Confidentiality is the process of maintaining data privacy wherein we secure the communications channel, to make sure the data is not accessed in its original form by a third party by eavesdropping.
Confidentiality and data integrity are related to securing the communications channel.
Submitted by heartin on Sat, 04/18/2015 - 09:20
In the response for first request to a non secure url, you will get a redirect url to a new https url, as you can see from tcpmon capture:
Submitted by heartin on Sat, 04/18/2015 - 07:48
You will get an error: HTTP Status 500 - No login page was defined for FORM authentication in context.
Submitted by heartin on Sat, 04/18/2015 - 07:43
You will get an error: HTTP Status 401 - No client certificate chain in this request.
Submitted by heartin on Sat, 04/18/2015 - 02:58
Submitted by heartin on Sat, 04/18/2015 - 02:45
We have seen enough theory on Authentication and Authorization. Now we will actually get our hands dirty trying it out for basic and digest authentication.
Steps to configure basic/digest authentication can be summarized as:
Define the type of authentication (here BASIC/DIGEST)
Define roles, users and create mapping between them
Define resource collections to which security should be applied
Submitted by heartin on Sat, 04/18/2015 - 00:53
Authorization is the process of checking if a user is allowed to access a particular resource on the server. To identify the user, we need to first do authentication and hence authentication is the first step towards authorization.
Authorization may be done in different ways, including:
Programmatically controlling access to resources based on individual user’s credentials.
Assigning users into different groups called roles and assigning permissions based on the roles
Submitted by heartin on Sat, 04/18/2015 - 00:15
Authentication is the process of verifying if the user, usually with a username and password. Once authenticated, we may call a user as an authenticated user or a logged in user.
Java EE provides four different ways to authenticate a user:
Submitted by heartin on Fri, 04/17/2015 - 23:47
Security is one of the most important aspects of almost all web applications. There are many areas of concern like client and server machine security, transmission channel security, database security etc.
While most security concerns are the responsibility of server or network administrators, application developers should also be concerned about some of the aspects of security such as authentication, authorization, data integrity and confidentiality.
Submitted by heartin on Sun, 04/12/2015 - 13:06
Security is an important aspect of any web application. This book currently tries to cover the security related topics required to pass the exam for Java EE 6 Web Component Developer Certified Expert Exam.