Chapter 24. Security

This chapter looks at one of the more challenging areas of Web application development: securing the Web application.

The chapter begins by examining security in general, and includes a breakdown of the term "security" into a number of different areas that can be addressed independently depending on the requirements of the Web application.

Next you will examine how these security areas can be implemented using the Tomcat JSP and servlet container, with examples of their use from JSP. This covers technologies such as SSL, and implementing the different J2EE-supported authentication techniques: basic, form, and client-certificate.

Finally, the chapter concludes with some examples of using programmatic authorization.

In particular, this chapter

  • Provides a general discussion about Web application security

  • Shows how to configure Tomcat with SSL

  • Shows examples of the J2EE-supported authentication types

  • Shows examples of programmatic authorization

Areas of Security

The security of Web applications is covered by a number of different areas. These areas will generally relate to different requirements for the Web application and the data that is used by the Web application. The sorts of questions that can be used to identify how and what should be secured are as follows:

  • Who is allowed to access the Web application?

  • How will you identify the users?

  • Are there any restrictions on where the application is accessed from?

  • Is any of the application data private?

  • can add/modify/delete ...
