Chapter 12. Application Security
Application security is a feature given immense attention in Ratpack. The conversation of security takes many forms; from access control to encryption of communications and user data, no modern production-grade application would be complete without the ability to ensure security for its users and data. We have already seen some of the levels of security Ratpack provides, with the ability to encrypt user session data, but there are many more core and optional security features available from the framework. As with the implementation of many other Ratpack features, the goal with these features is to make it as easy as possible to get security into your application.
SSL Support
A core feature of Ratpack is the ability to provide applications with the means to support secure communications with clients. It is highly advisable that any application that supports user sessions or authentication leverage secure communications. Following this practice will ensure that your users’ data is secure along the wire, and that no potential eavesdropper can hijack sensitive data as it flows from application to user.
The capability to secure communications in Ratpack comes in the form of supporting SSL HTTP channels in your application. In traditional JVM web applications (i.e., those that are servlet-based), integrating SSL support can be a complex configuration detail, and is often applied secondarily or after the fact. In Ratpack, however, supporting SSL need ...
Get Learning Ratpack now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.