J2EE Security Overview

Overview

Enterprise applications are deployed into various containers. Security for components is provided by their containers. A container provides two kinds of security:

  • Declarative
  • Programmatic

Characteristics of Application Security

  • Authentication
  • Authorization, or access control
  • Data integrity
  • Confidentiality, or data privacy
  • Non-repudiation
  • Quality of Service
  • Auditing

Security Mechanisms

  • Java SE Security Mechanisms
    • Java Authentication and Authorization Service (JAAS)
    • Java Generic Security Services (Java GSS-API)
    • Java Cryptography Extension (JCE)
    • Java Secure Sockets Extension (JSSE)
    • Simple Authentication and Security Layer (SASL)
  • Java EE Security Mechanisms
    • Application-Layer Security
    • Transport-Layer Security

Web Authentication Mechanisms

  • Basic Authentication
  • Form-based Authentication
  • Digest Authentication
  • Client Authentication
  • Mutual Authentication