Book Image

Java EE 8 Development with Eclipse - Third Edition

By : Ram Kulkarni
Book Image

Java EE 8 Development with Eclipse - Third Edition

By: Ram Kulkarni

Overview of this book

Java EE is one of the most popular tools for enterprise application design and development. With recent changes to Java EE 8 specifications, Java EE application development has become a lot simpler with the new specifications, some of which compete with the existing specifications. This guide provides a complete overview of developing highly performant, robust and secure enterprise applications with Java EE with Eclipse. The book begins by exploring different Java EE technologies and how to use them (JSP, JSF, JPA, JDBC, EJB, and more), along with suitable technologies for different scenarios. You will learn how to set up the development environment for Java EE applications and understand Java EE specifications in detail, with an emphasis on examples. The book takes you through deployment of an application in Tomcat, GlassFish Servers, and also in the cloud. It goes beyond the basics and covers topics like debugging, testing, deployment, and securing your Java EE applications. You'll also get to know techniques to develop cloud-ready microservices in Java EE.
Table of Contents (20 chapters)
Title Page
Copyright and Credits
Dedication
Packt Upsell
Free Chapter
1
Introducing JEE and Eclipse
Index

Authentication and authorization in JEE


Authentication is the process of verifying that the user is who he or she is claiming to be. This is typically done by asking the user to provide a username and password. Another way to verify the client identity is by asking for client certificates. In this chapter, we will look at password authentication only.

Authorization is the process of determining whether a user is allowed to perform certain actions in the application. The JEE specification allows role-based authorization. In the application, you specify roles that can perform an action, or access a resource, and then add users to these roles.

Unfortunately, securing JEE applications, as per JEE specifications, is not completely server-independent. There are parts of the configuration that are common across servers, and there are parts that are specific to server vendors. Common configurations are mostly done in web.xml or by using annotations. But, server-specific configurations vary from vendor...