The JavaTM Web Services Tutorial
Home
TOC
PREV TOP NEXT

Web Application Security

Debbie Carson

The Web services security model is based on the Java Servlet specification. This model insulates developers from mechanism-specific implementation details of application security. The Java WSDP provides this insulation in a way that enhances the portability of applications, allowing them to be deployed in diverse security environments.

Some of the material in this chapter assumes that you have an understanding of basic security concepts. To learn more about these concepts, we highly recommend that you explore the Security trail in The Java Tutorial (see http://java.sun.com/docs/books/tutorial/security1.2/index.html) before you begin this chapter.

Overview
Users, Groups, and Roles
Security Roles
Managing Groups, Roles, and Users
Mapping Application Roles to Realm Roles
Web-Tier Security
Protecting Web Resources
Controlling Access to Web Resources
Authenticating Users of Web Resources
Using Programmatic Security in the Web Tier
Unprotected Web Resources
EIS-Tier Security
Configuring Sign-On
Container-Managed Sign-On
Component-Managed Sign-On
Setting Up a Server Certificate
For more information
Home
TOC
PREV TOP NEXT