Chapter 9. Securing the Web Tier–Design Strategies and Best Practices

For J2EE applications, the Web tier represents the front door—the entry point for all users. It is also the most frequently used initial point of attack for an adversary looking for security weaknesses in an application. This chapter will review the vulnerabilities associated with the Web tier and the patterns used to protect against them.

Web-Tier Security Patterns

Authentication Enforcer


You need to verify that each request is from an authenticated entity, and since different classes handle different requests, authentication code is replicated in many places and the authentication mechanism can’t ...
