book

Enterprise Java™ Security: Building Secure J2EE™ Applications

Name: Enterprise Java™ Security: Building Secure J2EE™ Applications
ISBN: 0321118898

by Marco Pistoia, Nataraj Nagaratnam, Larry Koved, Anthony Nadalin

February 2004

Intermediate to advanced

608 pages

15h 11m

English

Addison-Wesley Professional

Read now

Unlock full access

Copyright
Dedication
Foreword
Preface
About the Authors
I. Enterprise Security and Java
1. An Overview of Java Technology and Security
1.1. Why Java Technology for Enterprise Applications?1.1.1. Java 2 Platform, Standard Edition1.1.2. Java 2 Platform, Enterprise Edition1.1.3. Java Components1.1.3.1. Development Environment and Libraries1.1.3.2. Execution Environment and Runtime Libraries1.1.3.3. Interfaces and Architectures1.1.4. Java Security Technologies: Integral, Evolving, and Interoperable1.1.5. Portability in a Heterogeneous World1.2. Enterprise Java Technology1.2.1. The Middle Tier: Servlets, JSP, and EJB1.2.2. Component Software: A Step in the Right Direction1.2.3. Secure Communication in an Enterprise1.3. Java Technology as Part of Security1.4. An Overview of Enterprise Security Integration1.4.1. Authentication and Authorization Services1.4.2. Cryptographic Services1.4.3. Firewalls1.5. Time to Market1.5.1. Support for Essential Technical Standards1.5.2. Engineering Software in a Heterogeneous World1.5.3. Time Is of the Essence
2. Enterprise Network Security and Java Technology
2.1. Networked Architectures2.1.1. Two-Tier Architectures2.1.2. Three-Tier Architectures2.2. Network Security2.3. Server-Side Java Technology2.3.1. WAS Components2.3.1.1. Servlet Container2.3.1.2. EJB Container2.3.2. WAS Security Environment2.4. Java and Firewalls2.4.1. TCP/IP Packets2.4.2. Program Communication through a Firewall2.4.2.1. Proxy Servers2.4.2.2. SOCKS2.4.2.3. Proxy Servers versus SOCKS Gateways2.4.3. The Effect of Firewalls on Java Programs2.4.3.1. Using HTTP for Applet Downloading2.4.3.2. Using a Firewall to Stop Java Downloads2.4.3.3. Java Network Connections through the Firewall2.4.3.4. RMI through the Firewall2.5. Summary
II. Enterprise Java Components Security
3. Enterprise Java Security Fundamentals
3.1. Enterprise Systems3.2. J2EE Applications3.2.1. EJB Modules3.2.2. Web Modules3.2.3. Application Client Modules3.3. Secure Interoperability between ORBs3.4. Connectors3.5. JMS3.6. Simple E-Business Request Flow3.7. J2EE Platform Roles3.7.1. Application Component Provider3.7.1.1. Access of Resources in the Underlying Operating System3.7.1.2. Security Recommendations3.7.1.3. Programmatic Access to the Caller's Security Context3.7.1.4. Conveying the Use of Role References3.7.2. Application Assembler3.7.2.1. Defining EJB Method Permissions3.7.2.2. Defining Web Resources Security Constraints3.7.2.3. Declaring Security Roles within a J2EE Application3.7.3. Deployer3.7.3.1. Reading the Security View of the J2EE Application3.7.3.2. Configuring the Security Domain3.7.3.3. Assigning of Principals to Security Roles3.7.3.4. Configuring Principal Delegation3.7.4. System Administrator3.7.4.1. Administering the Security Domain3.7.4.2. Assigning Application Roles to Users and Groups3.7.5. J2EE Product Provider3.7.5.1. Supplying Deployment Tools3.7.5.2. Configuring Security Domains3.7.5.3. Supplying Mechanisms to Enforce Security Policies3.7.5.4. Providing Tools for Principal Delegation3.7.5.5. Providing Access to the Caller's Security Context3.7.5.6. Supplying Runtime Security Enforcement3.7.5.7. Providing a Security Audit Trail3.8. J2EE Security Roles3.9. Declarative Security Policies3.9.1. Login-Configuration Policy3.9.1.1. Authentication Method in Login Configuration3.9.1.2. Secure-Channel Constraint3.9.2. Authorization Policy3.9.3. Delegation Policy3.9.4. Connection Policy3.10. Programmatic Security3.10.1. Retrieving Identity Information3.10.1.1. From a Servlet or JSP File3.10.1.2. From an Enterprise Bean3.10.2. Proactive Authorization3.10.2.1. From a Servlet or JSP File3.10.2.2. From an Enterprise Bean3.10.3. Application-Managed Sign-On to an EIS3.11. Secure Communication within a WAS Environment3.12. Secure E-Business Request Flow
4. Servlet and JSP Security
4.1. Introduction4.1.1. Java Servlets4.1.2. JSP Technology4.2. Advantages of Servlets4.3. Servlet Life Cycle4.4. The Deployment Descriptor of a Web Module4.5. Authentication4.5.1. Login-Configuration Policy4.5.1.1. HTTP Authentication Method4.5.1.2. Form-Based Authentication Method4.5.1.3. Certificate-Based Authentication Method4.5.2. Single Sign-On4.6. Authorization4.6.1. Invocation Chain4.6.2. Protecting a Specific URL4.6.3. Protecting a URL Pattern4.6.3.1. URL Path-Prefix Protection4.6.3.2. URL Extension Protection4.6.4. Protecting from Everyone4.6.5. Understanding the Precedence Rules4.6.6. Data Constraints—Only over SSL!4.7. Principal Delegation4.8. Programmatic Security4.8.1. Principal Information4.8.2. Authorization Information4.8.3. SSL Attribute Information: Certificates and Cipher Suites4.8.4. Programmatic Login4.9. Runtime Restrictions for Web Components4.10. Usage Patterns4.10.1. Using HTTPS to Connect to External HTTP Servers4.10.2. Maintaining the State Securely4.10.2.1. HTTP Cookies4.10.2.2. HTTP and SSL Sessions4.10.3. Pre- and Post-Servlet Processing4.11. Partitioning Web Applications

5. EJB Security
5.1. Introduction5.2. EJB Roles and Security5.2.1. Enterprise Bean Provider5.2.1.1. Communicating with an Enterprise Bean5.2.1.2. Scenario5.2.1.3. Security APIs for Enterprise Beans5.2.1.4. EJB Runtime Restrictions5.2.2. Application Assembler5.2.2.1. EJB Security Roles5.2.2.2. EJB Method Authorizations5.2.2.3. Linking EJB Security Roles to Role References5.2.2.4. EJB Principal Delegation5.2.3. Deployer5.2.4. System Administrator5.2.5. EJB Container Provider5.3. Authentication5.4. Authorization5.5. Delegation5.6. Security Considerations
6. Enterprise Java Security Deployment Scenarios
6.1. Planning a Secure-Component System6.1.1. Client Access6.1.2. Presentation Layer6.1.2.1. Static Content6.1.2.2. Dynamic Content6.1.3. Business Logic6.1.4. Resource Adapters and Legacy Applications6.2. Deployment Topologies6.2.1. Entry Level6.2.2. Clustered Environment6.2.3. Adding Another Level of Defense6.2.4. Defending with a Secure Caching Reverse Proxy Server6.3. Secure Communication Channel6.3.1. HTTP Connections6.3.2. IIOP Connections6.3.3. JMS Connections6.3.4. Connections to Non-J2EE Systems6.3.5. Exploring Other Options6.4. Security Considerations
III. The Foundations of Java 2 Security
7. J2SE Security Fundamentals
7.1. Access to Classes, Interfaces, Fields, and Methods7.2. Class Loaders7.2.1. Security Responsibilities of the Class-Loading Mechanism7.2.2. Levels of Trustworthiness of Loaded Classes7.2.2.1. Loading Classes from Trusted Sources7.2.2.2. Loading Classes from Untrusted SourcesApplication ClassesExtension ClassesClasses from Remote Network Locations7.2.3. The Class-Loading Process7.2.3.1. Enforcing the Correct Search Order: The Design7.2.3.2. The Class-Loading Delegation Hierarchy: The Implementation7.2.4. Building a Customized ClassLoader7.3. The Class File Verifier7.3.1. The Duties of the Class File Verifier7.3.2. The Four Passes of the Class File Verifier7.3.2.1. File-Integrity Check7.3.2.2. Class-Integrity Check7.3.2.3. Bytecode-Integrity Check7.3.2.4. Runtime Integrity Check7.3.3. The Bytecode Verifier in Detail7.3.4. An Example of Class File Verification7.4. The Security Manager7.4.1. What the SecurityManager Does7.4.2. Operation of the SecurityManager7.4.3. Types of Attack7.4.3.1. Infiltrating Local Classes7.4.3.2. Type Confusion7.4.3.3. Network Loopholes7.4.3.4. JavaScript Back Doors7.4.4. Malicious Code7.4.4.1. Cycle Stealing7.4.4.2. Impersonation7.4.5. SecurityManager Extensions7.4.5.1. Ignoring Policy7.4.5.2. Logging7.4.5.3. Enforcing Password-Based Protection7.5. Interdependence of the Three Java Security Legs7.6. Summary
8. The Java 2 Permission Model
8.1. Overview of the Java 2 Access-Control Model8.1.1. Lexical Scoping of Privilege Modifications8.1.2. Java 2 Security Tools8.1.2.1. The jar Utility8.1.2.2. The keytool Utility8.1.2.3. The jarsigner Utility8.1.2.4. The Policy Tool8.1.3. JAAS8.2. Java Permissions8.2.1. Permission Target and Actions8.2.2. The PermissionCollection and Permissions Classes8.2.3. The implies() Method in the Permission Class8.2.4. The implies() Method in PermissionCollection and Permissions8.2.5. Permissions Implicitly Equivalent to AllPermission8.3. Java Security Policy8.3.1. Combining Multiple Signers8.3.2. Multiple Policy Files, One Active Policy8.4. The Concept of CodeSource8.5. ProtectionDomains8.5.1. The implies() Method in the ProtectionDomain Class8.5.2. System Domain and Application Domains8.5.3. Relation between Classes, ProtectionDomains, and Permissions8.6. The Basic Java 2 Access-Control Model8.6.1. Scenario: Simple Check of the Current Thread8.6.2. SecurityManager and AccessController8.7. Privileged Java 2 Code8.7.1. Security Recommendations on Making Code Privileged8.7.2. How to Write Privileged Code8.7.3. Privileged-Code Scenario8.8. ProtectionDomain Inheritance8.9. Performance Issues in the Java 2 Access-Control Model8.9.1. Removal of Duplicate ProtectionDomains8.9.2. Filtering Out of the System Domain8.9.3. Verification Stopped at the First Privileged Stack Frame8.10. Summary
9. Authentication and Authorization with JAAS
9.1. Overview of JAAS and JAAS Terminology9.2. Authentication9.2.1. Pluggable Authentication via LoginModules9.2.2. JAAS LoginModule Examples9.2.2.1. First Scenario9.2.2.2. Second Scenario9.2.2.3. Third Scenario9.3. Authorization Overview9.3.1. A Brief Review of J2SE ProtectionDomain-Based Authorization9.3.2. Adding a Subject to a Thread9.3.2.1. Fourth Scenario9.3.3. Security Authorization Policy File9.3.4. Examples of the Subject-Based Authorization Algorithm9.3.4.1. Fifth Scenario9.3.5. Additional Observations about JAAS9.4. JAAS and J2EE9.4.1. Web Application Servers Executing in Various JVMs9.4.2. JAAS Subject in a J2EE Environment9.4.3. Bridging the Gap9.4.4. Enterprise Security Policy Management9.5. Additional Support for Pluggable Authentication
IV. Enterprise Java and Cryptography
10. The Theory of Cryptography
10.1. The Purpose of Cryptography10.2. Secret-Key Cryptography10.2.1. Algorithms and Techniques10.2.1.1. Substitutions and Transpositions10.2.1.2. The XOR Operation10.2.1.3. Stream Ciphers10.2.1.4. Block CiphersFeistel CiphersDESTriple-DESIDEARijndael10.2.1.5. Modes of OperationECBCBC10.2.2. Secret-Key Security Attributes10.2.2.1. Key Space10.2.2.2. Confidentiality10.2.2.3. Nonrepudiation10.2.2.4. Data Integrity and Data-Origin Authentication10.3. Public-Key Cryptography10.3.1. Algorithms and Techniques10.3.1.1. RSABasic RSA ConceptsHow the RSA Algorithm WorksSecurity Considerations10.3.1.2. Diffie-HellmanBasic DH ConceptsHow the DH Algorithm WorksSecurity Considerations10.3.1.3. Elliptic CurveBasic Elliptic-Curve ConceptsThe Elliptic-Curve AlgorithmSecurity Considerations10.3.2. Public-Key Security Attributes10.3.2.1. Confidentiality10.3.2.2. Data Integrity, Data-Origin Authentication, and Nonrepudiation10.3.3. Digital Signatures10.3.3.1. RSA Signature10.3.3.2. DSA Signature10.3.4. Digital Certificates10.3.5. Key Distribution
11. The Java 2 Platform and Cryptography
11.1. The JCA and JCE Frameworks11.1.1. Terms and Definitions11.1.2. The Principles of JCA and JCE11.1.2.1. Implementation Independence11.1.2.2. Implementation Interoperability11.1.2.3. Algorithm Independence11.1.2.4. Algorithm Extensibility11.1.3. JCA and JCE Providers11.1.3.1. Design11.1.3.2. Implementation11.1.3.3. Configuration and ManagementCopy the Provider PackageConfigure the Provider11.1.4. Engine and SPI Classes11.2. The JCA API11.2.1. The java.security.SecureRandom Class11.2.2. The java.security.Key Interface11.2.3. The PublicKey and PrivateKey Interfaces in Package java.security11.2.4. The java.security.KeyFactory Class11.2.5. The java.security.KeyPair Class11.2.6. The java.security.KeyPairGenerator Class11.2.7. The java.security.KeyStore Class11.2.8. The java.security.MessageDigest Class11.2.9. The java.security.Signature Class11.2.10. The AlgorithmParameters and AlgorithmParameterGenerator Classes in Package java.security11.2.11. The java.security.SignedObject Class11.2.12. The java.security.spec Package11.2.13. The java.security.cert Package11.2.14. The java.security.interfaces Package11.3. The JCE API11.3.1. The javax.crypto.Cipher Class11.3.2. The CipherInputStream and CipherOutputStream Classes in the javax.crypto Package11.3.3. The javax.crypto.SecretKey Interface11.3.4. The javax.crypto.spec.SecretKeySpec Class11.3.5. The javax.crypto.KeyGenerator Class11.3.6. The javax.crypto.SecretKeyFactory Class11.3.7. The javax.crypto.SealedObject Class11.3.8. The javax.crypto.KeyAgreement Class11.3.9. The javax.crypto.Mac Class11.4. JCE in Practice11.4.1. Bob's Program11.4.2. Alice's Program11.5. Security Considerations
12. PKCS and S/MIME in J2EE
12.1. PKCS Overview12.1.1. PKCS#1: RSA Cryptography Standard12.1.2. PKCS#5: Password-Based Cryptography Standard12.1.3. PKCS#7: Cryptographic Message Syntax Standard12.1.4. PKCS#8: Private-Key Information Syntax Standard12.1.5. PKCS#9: Selected Attribute Types12.1.6. PKCS#10: Certification Request Syntax Standard12.1.7. PKCS#12: Personal Information Exchange Syntax Standard12.2. S/MIME Overview12.3. Signing and Verifying Transactions with PKCS and S/MIME12.3.1. Considerations on the PKCS#7 Standard12.3.2. Using PKCS and S/MIME12.4. Encrypting Transactions with PKCS and S/MIME12.5. Security Considerations12.6. Future Directions
13. The SSL and TLS Protocols in a J2EE Environment
13.1. The SSL and TLS Protocols13.1.1. The Record Protocol13.1.2. The Handshake Protocol13.2. HTTPS13.3. Using the SSL Support Built into J2EE Products13.3.1. SSL to Protect User ID and Password during Authentication13.3.2. SSL in Certificate-Based Authentication13.3.3. Reverse Proxy Server and WAS Mutual Authentication13.3.4. SSL in Cookie-Based Single Sign-On13.3.5. Single Sign-On with Certificate-Based Authentication13.3.6. SSL to Protect the Communication Channel13.4. Using SSL from within J2EE Programs13.4.1. JSSE13.4.2. Trust Managers13.4.3. Truststores13.5. Examples13.5.1. Basic Scenario without SSL13.5.2. Scenarios with SSL13.5.2.1. Scenario with No Authentication13.5.2.2. Scenario with SSL Server Authentication13.5.2.3. Scenario with Both SSL Server and Client Authentication13.6. Summary
V. Advanced Topics
14. Enterprise Security for Web Services
14.1. XML14.2. SOAP14.3. WSDL14.4. Security for Web Services: Motivations14.5. Security Technologies14.5.1. XML and Cryptography14.5.2. WS-Security14.6. Web Services Security Model Principles14.6.1. Web Services Message Security14.6.2. WS-Policy14.6.3. WS-Trust14.6.4. WS-SecureConversation14.6.5. WS-Privacy14.6.6. WS-Federation14.6.7. WS-Authorization14.6.8. Example14.7. Application Patterns14.8. Use Scenario14.9. Web Services Provider Security14.9.1. User Authentication14.9.2. Authorization Enforcement14.10. Security Considerations14.11. Futures
15. Security Considerations for Container Providers
15.1. Understanding the Environment15.2. Authentication15.2.1. Authentication Mechanisms15.2.2. Using JAAS LoginModules15.2.3. User Information15.2.4. Single Sign-On15.3. Authorization15.4. Secure Communication15.4.1. Using JSSE15.4.2. Client Certificates15.5. Secure Association15.6. Access to System Resources15.7. Mapping Identities at Connector Boundaries
16. Epilogue
VI. Appendixes
A. Security of Distributed Object Architectures
A.1. RMIA.2. Stubs and SkeletonsA.3. RMI RegistryA.4. The Security of RMI
B. X.509 Digital Certificates
B.1. X.509 Certificate Versions
C. Technical Acronyms Used in This Book
ABCDEFGHIJKLMNOPQRSTUVWX
D. Sources Used in This Book

Content preview from Enterprise Java™ Security: Building Secure J2EE™ Applications

About the Authors

This book was written by a team of IBM security researchers and architects who have had a major impact in the definition of the Java security architecture and its related technologies. The leader of this project was Marco Pistoia.

Marco Pistoia is a Research Staff Member in the Java and Web Services Security department, a part of the Networking Security, Privacy and Cryptography department at the IBM Thomas J. Watson Research Center in Yorktown Heights, New York. He has written ten books and several papers and journal articles on all areas of Java and e-business security. His latest book, Java 2 Network Security, Second Edition, was published by Prentice Hall in 1999. He has presented at several conferences worldwide: Sun Microsystems' ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Real 802.11 Security: Wi-Fi Protected Access and 802.11i

Publisher Resources

ISBN: 0321118898Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Enterprise Java™ Security: Building Secure J2EE™ Applications

by Marco Pistoia, Nataraj Nagaratnam, Larry Koved, Anthony Nadalin

About the Authors

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.