Day 19. Understanding Security

Security is an important and sensitive aspect of protecting the enterprise from malicious attacks and threats, such as disclosure of vital information and destruction of assets, which have a negative effect on system availability and integrity. In previous days, we briefly introduced some security aspects. We explored how to use the Java Naming and Directory Interface (JNDI) services to authenticate a user in Day 4, “Using JNDI for Naming Services and Components.” Today, we'll go into more detail.

First, we'll explore security concepts that are used in developing applications. Later, we'll focus on Java 2 Enterprise Edition (J2EE) security mechanisms and how they are used in the development and deployment of secure enterprise applications. We'll also explore how J2EE supports container-managed security through a declarative approach and component-managed approach through a programmatic approach. We'll also investigate the Java Authentication and Authorization Service (JAAS) API as a standard API for accessing pluggable security mechanisms. Like other J2EE common services, JAAS allows the development of component-based applications, which are adaptable to the existing security mechanism in place.

In learning the concepts of security in enterprise applications, the following are the main highlights of today's activities:

• Learn the concepts and mechanisms of security in the context of developing J2EE applications

• Learn how security is implemented across all J2EE tiers

• Study the JAAS architecture and concepts

• Learn about the roles and responsibilities for developing and deploying J2EE application

• Learn some of the best practices in applying J2EE security