The definitive guide to security in Jakarta EE : securing Java-based enterprise applications with Jakarta security, authorization, authentication and more /

Refer to this definitive and authoritative book to understand the Jakarta EE Security Spec, with Jakarta Authentication & Authorization as its underlying official foundation. Jakarta EE Security implementations are discussed, such as Soteria and Open Liberty, along with the built-in modules and...


Bibliographic Details
Main Authors: Tijms, Arjan (Author), Bais, Teo (Author), Keil, Werner (Author)
Format: eBook
Language: English
Published: New York, NY : Apress, [2022]
Table of Contents:
  • Intro
  • Table of Contents
  • About the Authors
  • About the Technical Reviewer
  • Chapter 1: Security History
  • The Beginning
  • Enter Jakarta EE
  • Enter Jakarta Authorization
  • Enter Jakarta Authentication
  • Foreshadowing Shiro Part I
  • IL DRBAC
  • Enter Spring Security
  • Where is Jakarta Authentication? Enter JAuth
  • Foreshadowing Shiro Part II
  • JSecurity
  • Jakarta Authentication
  • Edging closer
  • Jakarta Authentication
  • Finally in Jakarta EE
  • Enter OmniSecurity
  • Enter Jakarta Security
  • Chapter 2: Jakarta EE Foundations
  • Physical Security
  • Technological Security
  • Application Security
  • OS Security
  • Network Security
  • Policies and Procedures
  • Key Principles of Security
  • Features of a Security Mechanism
  • Distributed Multitiered Applications
  • Single-Tier vs. Multitiered Applications
  • The Jakarta EE Approach
  • Security in Jakarta EE
  • Simple Application Security Walkthrough
  • Looking Ahead
  • Authentication
  • Something You Know
  • Something You Have
  • Something You Are
  • Latest Trends in Authentication Methods
  • Authentication Examples in Practice
  • Authenticating Users Programmatically
  • Authorization
  • Access Control Lists
  • Access Control Models
  • Discretionary Access Control (DAC)
  • Mandatory Access Control (MAC)
  • Role-Based Access Control (RBAC)
  • RBAC (Role-Based Access Control)
  • Benefits of RBAC
  • RBAC - Key Principles
  • RBAC in Jakarta EE
  • Users, Groups, and Roles
  • What Is a User?
  • What Is a Group?
  • What Is a Role?
  • Digital Certificates
  • What Is a Digital Certificate
  • Introduction to TLS
  • Who Can Issue Certificates?
  • Self-Signing a Certificate
  • Certificate Authority
  • Looking Ahead
  • Authentication Mechanisms
  • What Is an Authentication Mechanism?
  • What Does an Authentication Mechanism Specify?
  • Jakarta EE Authentication Mechanisms
  • Basic Authentication
  • What Is
  • How It Works
  • How to Configure It
  • Form-Based Authentication
  • What Is
  • How It Works
  • How to Configure It
  • Digest Authentication
  • What Is
  • How It Works
  • How to Configure It
  • Client Authentication
  • What Is
  • How It Works
  • How to Configure It
  • Custom Form Authentication
  • What Is
  • How to Define It
  • Identity Stores
  • What Is an Identity Store?
  • What Is the Purpose of an Identity Store?
  • Identity Store and Jakarta EE
  • IdentityStore - Theory of Operation
  • Validating Credentials
  • Retrieving Caller Information
  • Declaring Capabilities
  • How to Validate a User Credential
  • Looking Ahead
  • Chapter 3: Jakarta Authentication
  • What Is Jakarta Authentication?
  • Jakarta Authentication in Jakarta EE
  • The Authentication Mechanism
  • The Basic Authentication Mechanism
  • The Form Authentication Mechanism
  • Jakarta Authentication's ServerAuthModule
  • Example ServerAuthModule
  • Example ServerAuthModule - GlassFish
  • Example ServerAuthModule - Tomcat
  • Example ServerAuthModule - Basic