Introduction to Data Integrity and Confidentiality in Java EE web applications

Data integrity is the process of verifying if data is transmitted without corruption or modification, thus making sure that the data received at the receiver end is in fact the same message sent by the sender.  Confidentiality is the process of maintaining data privacy wherein we secure the communications channel, to make sure the data is not accessed in its original form by a third party by eavesdropping.

Confidentiality and data integrity are related to securing the communications channel.

Similar to authorization requirements, confidentiality and data integrity constraints are also defined using the <security-constraint> sub element of the <web-app> element. Confidentiality and data integrity are configured using <transport-guarantee> sub element of <user-data-constraint> element, which is a sub element of the <security-constraint> element.







Possible values for the <transport-guarantee> are:

  • NONE

    • No security required on the channel


    • Specifies that data integrity needs to be taken care on the channel

    • Done by creating a digest for each message sent between the client and server.

    • Digest is normally appended to the message being transmitted as supplementary information


    • Specifies that complete encryption is required on the channel

    • Usually implemented using HTTPS (Secure HTTP), which in turn uses SSL (Secure Socket Layer) encryption.

    • Encryption systems such as SSL includes message digests to ensure that the encrypted transmitted data is not modified during transmission.

    • CONFIDENTIAL implies INTEGRAL as well.

It is legal to declare only one <transport-guarantee> element.

If you specify transport guarantee as INTEGRAL or CONFIDENTIAL without configuring SSL and certificates, and request to a non-secure url, you will get a redirect url to corresponding https url, as you can see from tcpmon capture below:


However browser will not be able to connect to this new url if SSL is not configured.

We will see about configuring SSL and certificates and the usage of INTEGRAL and CONFIDENTIAL in another demo.


Quick Notes Finder Tags

Activities (1) advanced java (1) agile (3) App Servers (6) archived notes (2) Arrays (1) Best Practices (12) Best Practices (Design) (3) Best Practices (Java) (7) Best Practices (Java EE) (1) BigData (3) Chars & Encodings (6) coding problems (2) Collections (15) contests (3) Core Java (All) (55) course plan (2) Database (12) Design patterns (8) dev tools (3) downloads (2) eclipse (9) Essentials (1) examples (14) Exception (1) Exceptions (4) Exercise (1) exercises (6) Getting Started (18) Groovy (2) hadoop (4) hibernate (77) hibernate interview questions (6) History (1) Hot book (5) http monitoring (2) Inheritance (4) intellij (1) java 8 notes (4) Java 9 (1) Java Concepts (7) Java Core (9) java ee exercises (1) java ee interview questions (2) Java Elements (16) Java Environment (1) Java Features (4) java interview points (4) java interview questions (4) javajee initiatives (1) javajee thoughts (3) Java Performance (6) Java Programmer 1 (11) Java Programmer 2 (7) Javascript Frameworks (1) Java SE Professional (1) JPA 1 - Module (6) JPA 1 - Modules (1) JSP (1) Legacy Java (1) linked list (3) maven (1) Multithreading (16) NFR (1) No SQL (1) Object Oriented (9) OCPJP (4) OCPWCD (1) OOAD (3) Operators (4) Overloading (2) Overriding (2) Overviews (1) policies (1) programming (1) Quartz Scheduler (1) Quizzes (17) RabbitMQ (1) references (2) restful web service (3) Searching (1) security (10) Servlets (8) Servlets and JSP (31) Site Usage Guidelines (1) Sorting (1) source code management (1) spring (4) spring boot (3) Spring Examples (1) Spring Features (1) spring jpa (1) Stack (1) Streams & IO (3) Strings (11) SW Developer Tools (2) testing (1) troubleshooting (1) user interface (1) vxml (8) web services (1) Web Technologies (1) Web Technology Books (1) youtube (1)