The definitive guide to security in Jakarta EE: securing Java-based enterprise applications with Jakarta Security, Authorization, Authentication and more
Refer to this definitive and authoritative book to understand the Jakarta EE Security Spec, with Jakarta Authentication & Authorization as its underlying official foundation. Jakarta EE Security implementations are discussed, such as Soteria and Open Liberty, along with the built-in modules and...
| Main Authors: | , , |
|---|---|
| Format: | eBook |
| Language: | English |
| Published: | New York, NY : Apress, [2022] |
| Subjects: | |
Table of Contents:
- Intro
- Table of Contents
- About the Authors
- About the Technical Reviewer
- Chapter 1: Security History
- The Beginning
- Enter Jakarta EE
- Enter Jakarta Authorization
- Enter Jakarta Authentication
- Foreshadowing Shiro Part I
- IL DRBAC
- Enter Spring Security
- Where is Jakarta Authentication? Enter JAuth
- Foreshadowing Shiro Part II
- JSecurity
- Jakarta Authentication
- Edging closer
- Jakarta Authentication
- Finally in Jakarta EE
- Enter OmniSecurity
- Enter Jakarta Security
- Chapter 2: Jakarta EE Foundations
- Physical Security
- Technological Security
- Application Security
- OS Security
- Network Security
- Policies and Procedures
- Key Principles of Security
- Features of a Security Mechanism
- Distributed Multitiered Applications
- Single-Tier vs. Multitiered Applications
- The Jakarta EE Approach
- Security in Jakarta EE
- Simple Application Security Walkthrough
- Looking Ahead
- Authentication
- Something You Know
- Something You Have
- Something You Are
- Latest Trends in Authentication Methods
- Authentication Examples in Practice
- Authenticating Users Programmatically
- Authorization
- Access Control Lists
- Access Control Models
- Discretionary Access Control (DAC)
- Mandatory Access Control (MAC)
- Role-Based Access Control (RBAC)
- RBAC (Role-Based Access Control)
- Benefits of RBAC
- RBAC - Key Principles
- RBAC in Jakarta EE
- Users, Groups, and Roles
- What Is a User?
- What Is a Group?
- What Is a Role?
- Digital Certificates
- What Is a Digital Certificate
- Introduction to TLS
- Who Can Issue Certificates?
- Self-Signing a Certificate
- Certificate Authority
- Looking Ahead
- Authentication Mechanisms
- What Is an Authentication Mechanism?
- What Does an Authentication Mechanism Specify?
- Jakarta EE Authentication Mechanisms
- Basic Authentication
- What Is
- How It Works
- How to Configure It
- Form-Based Authentication
- What Is
- How It Works
- How to Configure It
- Digest Authentication
- What Is
- How It Works
- How to Configure It
- Client Authentication
- What Is
- How It Works
- How to Configure It
- Custom Form Authentication
- What Is
- How to Define It
- Identity Stores
- What Is an Identity Store?
- What Is the Purpose of an Identity Store?
- Identity Store and Jakarta EE
- IdentityStore - Theory of Operation
- Validating Credentials
- Retrieving Caller Information
- Declaring Capabilities
- How to Validate a User Credential
- Looking Ahead
- Chapter 3: Jakarta Authentication
- What Is Jakarta Authentication?
- Jakarta Authentication in Jakarta EE
- The Authentication Mechanism
- The Basic Authentication Mechanism
- The Form Authentication Mechanism
- Jakarta Authentication's ServerAuthModule
- Example ServerAuthModule
- Example ServerAuthModule - GlassFish
- Example ServerAuthModule - Tomcat
- Example ServerAuthModule - Basic