Book Image

GlassFish Security

By : Masoud Kalali
Book Image

GlassFish Security

By: Masoud Kalali

Overview of this book

<p>Security was, is, and will be one of the most important aspects of Enterprise Applications and one of the most challenging areas for architects, developers, and administrators. It is mandatory for Java EE application developers to secure their enterprise applications using Glassfish security features.<br /><br />Learn to secure Java EE artifacts (like Servlets and EJB methods), configure and use GlassFish JAAS modules, and establish environment and network security using this practical guide filled with examples. One of the things you will love about this book is that it covers the advantages of protecting application servers and web service providers using OpenSSO.<br /><br />The book starts by introducing Java EE security in Web, EJB, and Application Client modules. Then it introduces the Security Realms provided in GlassFish, which developers and administrators can use to complete the authentication and authorization setup. In the next step, we develop a completely secure Java EE application with Web, EJB, and Application Client modules.<br /><br />The next part includes a detailed and practical guide to setting up, configuring, and extending GlassFish security. This part covers everything an administrator needs to know about GlassFish security, starting from installation and operating environment security, listeners and password security, through policy enforcement, to auditing and developing new auditing modules.</p> <p>Before starting the third major part of the book, we have a chapter on OpenDS discussing how to install, and administrate OpenDS. The chapter covers importing and exporting data, setting up replications, backup and recovery and finally developing LDAP based solutions using OpenDS and Java.</p> <p>Finally the third part starts by introducing OpenSSO and continues with guiding you through OpenSSO features, installation, configuration and how you can use it to secure Java EE applications in general and web services in particular. Identity Federation and SSO are discussed in the last chapter of the book along with a working sample.</p>

Related Content you might be interested in

Current Title:

Small book image
GlassFish Security
Masoud Kalali
May, 2010 | 296 pages
No titles found
Table of Contents (14 chapters)
GlassFish Security
GlassFish Security
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
Preface
Preface
Free Chapter
1
Java EE Security Model
Java EE Security Model
Overview of Java EE architecture
Understanding a typical Java EE application
Accessing protected resource inside a Web module
Understanding the EJB modules
Understanding the application client module
Declaring security roles in Application level
Summary
2
GlassFish Security Realms
GlassFish Security Realms
Security realms
GlassFish security realms
Adding a custom authentication method to GlassFish
Summary
3
Designing and Developing Secure Java EE Applications
Designing and Developing Secure Java EE Applications
Understanding the sample application
Analyzing sample application business logic
Implementing the Business and Persistence layers
Developing the Presentation layer
Deploying the application client module in the Application Client Container
Summary
4
Securing GlassFish Environment
Securing GlassFish Environment
Securing a host operating system
Estimating security risks: Auditing
Summary
5
Securing GlassFish
Securing GlassFish
Administrating GlassFish
Securing different network listeners
Hosting multiple domains using one IP
Sharing security context between different applications using SSO
Summary
6
Introducing OpenDS: Open Source Directory Service
Introducing OpenDS: Open Source Directory Service
Storing hierarchical information: Directory services
Introducing OpenDS
Installing and administrating OpenDS
Administrating and managing OpenDS
Embedding OpenDS
Replicating Directory Information Tree (DIT)
Summary
7
OpenSSO, the Single sign-on Solution
OpenSSO, the Single sign-on Solution
What is SSO
What is OpenSSO
Authentication chaining
Securing our applications using OpenSSO
Summary
8
Securing Java EE Applications using OpenSSO
Securing Java EE Applications using OpenSSO
Understanding Policy Agents
Installing J2EE Agent 3.0 for GlassFish
Summary
9
Securing Web Services by OpenSSO
Securing Web Services by OpenSSO
Java EE and Web Services security
Understanding Web Services security
Developing secure Web Services
Downloading and installing Web Services security agents
Securing the Echo Web Service
Summary

About the Author

Masoud Kalali has a software engineering degree and has been working on software development projects since 1998. He has experience with a variety of technologies (.NET, J2EE, CORBA, and COM+) on diverse platforms (Solaris, Linux, and Windows). His experience is in software architecture, design, and server-side development.

Masoud has several articles published in Java.net and DZone, and has authored multiple refcards published by DZone, including Java EE security and GlassFish v3 refcards. He is one of founder members of the NetBeans Dream Team and a GlassFish community spotlighted developer.

Masoud's main areas of research and interest include Service Oriented Architecture and large-scale systems' development and deployment. In his leisure time he enjoys photography, mountaineering and camping.

Masoud blogs on Java EE, Software Architecture and Security at http://weblogs.java.net/blog/kalali/ and you can follow him at his Twitter account at http://twitter.com/MasoudKalali.

Masoud can be reached via in case you had some queries about the book or if you just felt like talking to him about software engineering.

Previous Section
Next Chapter