Home » Tag Archives: Security (page 12)

Tag Archives: Security

JBoss AS 7: Custom Login Modules

jboss-logo

JBoss AS 7 is neat but the documentation is still quite lacking (and error messages not as useful as they could be). This post summarizes how you can create your own JavaEE-compliant login module for authenticating users of your webapp deployed on JBoss AS. A working elementary username-password module provided. Why to use Java EE standard authentication? Java EE security ...

Read More »

Servlet Basic Auth in an OSGi environment

osgi-alliance-logo

You will first need to get a reference to the OSGI HTTP Service. You can do this through a declarative service. This post will concentrate on steps after getting a reference to the HTTP Service. Note: The complete class for this post is located here When registering a servlet through the OSGI HTTP Service, it provides you with an option ...

Read More »

Preventing CSRF in Java web apps

owasp-logo

Cross-site request forgery attacks (CSRF) are very common in web applications and can cause significant harm if allowed. If you have never heard of CSRF I recommend you check out OWASPs page about it. Luckily preventing CSRF attacks is quite simple, I’ll try to show you how they work and how we can defend from them in the least obtrusive ...

Read More »

Google Services Authentication in App Engine, Part 2

google-aps-logo

In the first part of the tutorial I described how to use OAuth for access/authentication for Google’s API services. Unfortunately, as I discovered a bit later, the approach I used was OAuth 1.0, which has apparently now been officially deprecated by Google in favor of version 2.0 of OAuth. Obviously, I was a bit bummed to discovered this, and promised I ...

Read More »

Google Services Authentication in App Engine, Part 1

google-aps-logo

This post will illustrate how to build a simple Google App Engine (GAE) Java application that authenticates against Google as well as leverages Google’s OAuth for authorizing access to Google’s API services such as Google Docs. In addition, building on some of the examples already provided by Google, it will also illustrate how to persist data using the App Engine ...

Read More »

Where do Security Requirements come from?

software-development-2-logo

One of the problems in building a secure application is that it’s not always clear what the security requirements are and where they are supposed to come from. Are security requirements supposed to come from the customer? Are they specified in the regulatory and compliance environment? Or are they implicit in the type of application that you are building – ...

Read More »

Key Exchange Patterns with Web Services Security

software-development-2-logo

When we have message level security with web services – how we achieve integrity and confidentiality is through keys. Keys are used to sign and encrypt messages been passed from the rqeuestor to the recipient or form the client to the service and vise versa. During this blog post, we’ll be discussing different key exchange patterns and their related use ...

Read More »

Java JAAS form based authentication

java-interview-questions-answers

Implementing a login module using JAAS is an of advance topic and also most of the developers have rare chance of involving with this kind of development. But the basic implementation of JAAS login module is not that much hard implementation.That is because, I intended to post this. Here, I am explaining, how to implement a tomcat managed authentication module. ...

Read More »

Apache Shiro Part 3 – Cryptography

apache-shiro-logo

Besides securing web pages and managing access rights Apache Shiro does also basic cryptography tasks. The framework is able to: encrypt and decrypt data, hash data, generate random numbers. Shiro does not implement any cryptography algorithms. All calculations are delegated to Java Cryptography Extension (JCE) API. The main benefit of using Shiro instead of what is already present in Java ...

Read More »

Apache Shiro Part 2 – Realms, Database and PGP Certificates

apache-shiro-logo

This is second part of series dedicated to Apache Shiro. We started previous part with simple unsecured web application. When we finished, the application had basic authentication and authorization. Users could log in and log out. All web pages and buttons had access rights assigned and enforced. Both authorization and authentication data have been stored in static configuration file. As ...

Read More »
Do you want to know how to develop your skillset and become a ...

Subscribe to our newsletter to start Rocking right now!

To get you started we give you our best selling eBooks for FREE!
Get ready to Rock!
To download the books, please verify your email address by following the instructions found on the email we just sent you.

THANK YOU!

Close