9.2 MANAGING SECURITY

We have looked at some of the fundamentals of how the J2EE platform functions. In Chapter 8 we looked at the mechanisms for connecting mobile devices using HTTP, using JSPs or servlets to handle the inbound HTTP streams and to generate the outbound ones.

Returning to our goal of using J2EE technology to build a mobile services platform, we need to consider some of the implications of handling lots of users and lots of applications within a commercial context. We can envisage that different users will have different application requirements and will therefore only subscribe to the ones of interest. It soon becomes apparent that we need a method for securing our applications. Some of our requirements might include:

  • Being able to authenticate a user onto the services platform (i.e. that the user is a valid subscriber to the platform services).
  • Being able to control subscriber access to particular applications (i.e. that a subscriber can access the applications they have paid to access and no others).
  • Being able to protect one user's data from being illegally accessed by another user.
  • Being able to centrally and easily manage security mechanisms in a maintainable and scalable fashion.
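The four requirements above can be modelled in a few dozen lines of plain Java. The class below is an added example written for this page, not code from the book or from the J2EE platform, and its class and method names (SubscriberPolicy, enroll, authenticate, mayUseApplication, mayReadRecord) are hypothetical. It keeps one central subscriber store (requirement 4), verifies a salted password hash rather than a stored clear-text password (requirement 1), checks that a principal is entitled to the application it is calling (requirement 2), and checks that a principal owns the data record it asks for (requirement 3). The sample subscribers and the record in main() are constructed data.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

/**
 * Added example (not from the book): a stand-alone model of the four security
 * requirements, using only the JDK. Names are hypothetical; in a real J2EE
 * deployment these decisions are delegated to the container's realm and
 * deployment-descriptor security constraints rather than hand-coded.
 */
public final class SubscriberPolicy {

    /** One row of the central subscriber store. */
    private static final class Subscriber {
        final byte[] salt;
        final byte[] passwordHash;
        final Set<String> applications;   // application ids this subscriber has paid for

        Subscriber(byte[] salt, byte[] passwordHash, Set<String> applications) {
            this.salt = salt;
            this.passwordHash = passwordHash;
            this.applications = applications;
        }
    }

    private final Map<String, Subscriber> subscribers = new HashMap<>();
    private final Map<String, String> recordOwner = new HashMap<>(); // record id -> owning subscriber
    private final SecureRandom random = new SecureRandom();

    /** Requirement 4: every enrolment goes through one place, so policy is managed centrally. */
    public void enroll(String subscriberId, char[] password, Set<String> applications) {
        byte[] salt = new byte[16];
        random.nextBytes(salt);                            // fresh salt per subscriber
        subscribers.put(subscriberId,
                new Subscriber(salt, hash(salt, password), new HashSet<>(applications)));
    }

    /** Records which subscriber owns a stored piece of data. */
    public void storeRecord(String recordId, String ownerId) {
        recordOwner.put(recordId, ownerId);
    }

    /** Requirement 1: authenticate a subscriber; returns the principal on success, empty otherwise. */
    public Optional<String> authenticate(String subscriberId, char[] password) {
        Subscriber s = subscribers.get(subscriberId);
        if (s == null) {
            return Optional.empty();                       // unknown subscriber
        }
        byte[] candidate = hash(s.salt, password);
        // Constant-time comparison so the check cannot be timed against the stored hash.
        return MessageDigest.isEqual(s.passwordHash, candidate)
                ? Optional.of(subscriberId) : Optional.empty();
    }

    /** Requirement 2: an authenticated principal may only use applications it subscribes to. */
    public boolean mayUseApplication(String principal, String applicationId) {
        Subscriber s = subscribers.get(principal);
        return s != null && s.applications.contains(applicationId);
    }

    /** Requirement 3: a principal may only read records it owns. */
    public boolean mayReadRecord(String principal, String recordId) {
        String owner = recordOwner.get(recordId);
        return owner != null && owner.equals(principal);
    }

    /** SHA-256 over salt || password; the clear-text password is never stored. */
    private static byte[] hash(byte[] salt, char[] password) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            md.update(salt);
            md.update(new String(password).getBytes(StandardCharsets.UTF_8));
            return md.digest();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is required in every JDK", e);
        }
    }

    /** Constructed sample data exercising each requirement. */
    public static void main(String[] args) {
        SubscriberPolicy policy = new SubscriberPolicy();
        policy.enroll("alice", "alice-pw".toCharArray(), Set.of("news", "weather"));
        policy.enroll("bob", "bob-pw".toCharArray(), Set.of("news"));
        policy.storeRecord("rec-42", "alice");

        String principal = policy.authenticate("alice", "alice-pw".toCharArray())
                .orElseThrow(() -> new SecurityException("login failed"));

        System.out.println("wrong password accepted: "
                + policy.authenticate("alice", "wrong".toCharArray()).isPresent());
        System.out.println("alice may use weather: " + policy.mayUseApplication(principal, "weather"));
        System.out.println("bob may use weather:   " + policy.mayUseApplication("bob", "weather"));
        System.out.println("bob may read rec-42:   " + policy.mayReadRecord("bob", "rec-42"));
    }
}
```

Compile and run with `javac SubscriberPolicy.java && java SubscriberPolicy`. In a J2EE container the first two requirements are normally expressed declaratively instead: the web application's deployment descriptor maps URL patterns to role names through `<security-constraint>` and `<auth-constraint>` elements, the container's realm performs the authentication, and a servlet can consult `HttpServletRequest.isUserInRole(...)` for finer checks. The third requirement, ownership of individual data records, is application logic in either case, which is why the model keeps it as an explicit check rather than a role.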

We shall now discuss how to address these issues in the sections that follow.

9.2.1 Securely Connecting the User

The first challenge in the security mechanism is to find a way to authenticate the user who is accessing the platform. All authentication systems follow a similar challenge–response ...
