Saturday, May 1, 2010

Enterprise Java 2 Security Building Secure and Robust J2EE Applications

Enterprise Java Security: Building Secure J2EE Applications
By Marco Pistoia, Nataraj Nagaratnam, Larry Koved, Anthony Nadalin

Publisher : Addison Wesley
Pub Date : February 20, 2004
ISBN : 0-321-11889-8
Pages : 608
Slots : 1.0



Copyright
Foreword
Preface
About the Authors
Part I: Enterprise Security and Java
Chapter 1. An Overview of Java Technology and Security
Section 1.1. Why Java Technology for Enterprise Applications?
Section 1.2. Enterprise Java Technology
Section 1.3. Java Technology as Part of Security
Section 1.4. An Overview of Enterprise Security Integration
Section 1.5. Time to Market

Chapter 2. Enterprise Network Security and Java Technology
Section 2.1. Networked Architectures
Section 2.2. Network Security
Section 2.3. Server-Side Java Technology
Section 2.4. Java and Firewalls
Section 2.5. Summary


Part II: Enterprise Java Components Security
Chapter 3. Enterprise Java Security Fundamentals
Section 3.1. Enterprise Systems
Section 3.2. J2EE Applications
Section 3.3. Secure Interoperability between ORBs
Section 3.4. Connectors
Section 3.5. JMS
Section 3.6. Simple E-Business Request Flow
Section 3.7. J2EE Platform Roles
Section 3.8. J2EE Security Roles
Section 3.9. Declarative Security Policies
Section 3.10. Programmatic Security
Section 3.11. Secure Communication within a WAS Environment
Section 3.12. Secure E-Business Request Flow

Chapter 4. Servlet and JSP Security
Section 4.1. Introduction
Section 4.2. Advantages of Servlets
Section 4.3. Servlet Life Cycle
Section 4.4. The Deployment Descriptor of a Web Module
Section 4.5. Authentication
Section 4.6. Authorization
Section 4.7. Principal Delegation
Section 4.8. Programmatic Security
Section 4.9. Runtime Restrictions for Web Components
Section 4.10. Usage Patterns
Section 4.11. Partitioning Web Applications

Chapter 5. EJB Security
Section 5.1. Introduction
Section 5.2. EJB Roles and Security
Section 5.3. Authentication
Section 5.4. Authorization
Section 5.5. Delegation
Section 5.6. Security Considerations

Chapter 6. Enterprise Java Security Deployment Scenarios
Section 6.1. Planning a Secure-Component System
Section 6.2. Deployment Topologies
Section 6.3. Secure Communication Channel
Section 6.4. Security Considerations


Part III: The Foundations of Java 2 Security
Chapter 7. J2SE Security Fundamentals
Section 7.1. Access to Classes, Interfaces, Fields, and Methods
Section 7.2. Class Loaders
Section 7.3. The Class File Verifier
Section 7.4. The Security Manager
Section 7.5. Interdependence of the Three Java Security Legs
Section 7.6. Summary

Chapter 8. The Java 2 Permission Model
Section 8.1. Overview of the Java 2 Access-Control Model
Section 8.2. Java Permissions
Section 8.3. Java Security Policy
Section 8.4. The Concept of CodeSource
Section 8.5. ProtectionDomains
Section 8.6. The Basic Java 2 Access-Control Model
Section 8.7. Privileged Java 2 Code
Section 8.8. ProtectionDomain Inheritance
Section 8.9. Performance Issues in the Java 2 Access-Control Model
Section 8.10. Summary

Chapter 9. Authentication and Authorization with JAAS
Section 9.1. Overview of JAAS and JAAS Terminology
Section 9.2. Authentication
Section 9.3. Authorization Overview
Section 9.4. JAAS and J2EE
Section 9.5. Additional Support for Pluggable Authentication


Part IV: Enterprise Java and Cryptography
Chapter 10. The Theory of Cryptography
Section 10.1. The Purpose of Cryptography
Section 10.2. Secret-Key Cryptography
Section 10.3. Public-Key Cryptography

Chapter 11. The Java 2 Platform and Cryptography
Section 11.1. The JCA and JCE Frameworks
Section 11.2. The JCA API
Section 11.3. The JCE API
Section 11.4. JCE in Practice
Section 11.5. Security Considerations

Chapter 12. PKCS and S/MIME in J2EE
Section 12.1. PKCS Overview
Section 12.2. S/MIME Overview
Section 12.3. Signing and Verifying Transactions with PKCS and S/MIME
Section 12.4. Encrypting Transactions with PKCS and S/MIME
Section 12.5. Security Considerations
Section 12.6. Future Directions

Chapter 13. The SSL and TLS Protocols in a J2EE Environment
Section 13.1. The SSL and TLS Protocols
Section 13.2. HTTPS
Section 13.3. Using the SSL Support Built into J2EE Products
Section 13.4. Using SSL from within J2EE Programs
Section 13.5. Examples
Section 13.6. Summary


Part V: Advanced Topics
Chapter 14. Enterprise Security for Web Services
Section 14.1. XML
Section 14.2. SOAP
Section 14.3. WSDL
Section 14.4. Security for Web Services: Motivations
Section 14.5. Security Technologies
Section 14.6. Web Services Security Model Principles
Section 14.7. Application Patterns
Section 14.8. Use Scenario
Section 14.9. Web Services Provider Security
Section 14.10. Security Considerations
Section 14.11. Futures

Chapter 15. Security Considerations for Container Providers
Section 15.1. Understanding the Environment
Section 15.2. Authentication
Section 15.3. Authorization
Section 15.4. Secure Communication
Section 15.5. Secure Association
Section 15.6. Access to System Resources
Section 15.7. Mapping Identities at Connector Boundaries

Chapter 16. Epilogue

Part VI: Appendixes
Appendix A. Security of Distributed Object Architectures
Section A.1. RMI
Section A.2. Stubs and Skeletons
Section A.3. RMI Registry
Section A.4. The Security of RMI

Appendix B. X.509 Digital Certificates
Section B.1. X.509 Certificate Versions
