Best Practices

In this section, we'll summarize the best practices mentioned throughout the day:

  • Use the declarative approach when it is sufficient; otherwise, use the programmatic approach for business rules.

  • Component developers should neither implement security mechanisms nor hard-code security policies in the EJB's business methods. Rather, developers should rely on the security mechanisms provided by the container, and should let the application assembler and deployer define the appropriate security policies for the application.

  • Use encryption (SSL and digital certificates) to secure sensitive data such as passwords and credit-card numbers.

  • Use auditing, filtering, and monitoring of your enterprise applications to prevent any security breaches.

  • Use the JAAS API in authentication and authorization whenever possible.
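
The first two practices side by side, as an added example that is not code from the book: the container enforces a role check declaratively, and the bean adds a programmatic check only where the decision depends on a business value. It assumes EJB 3 annotations; the bean, the role names, the limit and the helper methods are hypothetical.

```java
import java.math.BigDecimal;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

// "teller" and "manager" are logical roles (assumed names); the deployer
// maps them to real users and groups, so no policy is hard-coded here.
@Stateless
@DeclareRoles({"teller", "manager"})
public class TransferBean {

    // Assumed business limit and in-memory stand-in for real persistence.
    private static final BigDecimal TELLER_LIMIT = new BigDecimal("10000");
    private static final Map<String, BigDecimal> BALANCES = new ConcurrentHashMap<>();

    @Resource
    private SessionContext ctx; // injected by the container

    // Declarative: "who may call this" is purely a role question, so the
    // container enforces it and the method body contains no security code.
    @RolesAllowed({"teller", "manager"})
    public BigDecimal getBalance(String accountId) {
        return BALANCES.getOrDefault(accountId, BigDecimal.ZERO);
    }

    // Programmatic: the decision depends on the amount, which a
    // role-to-method mapping cannot express.
    @RolesAllowed({"teller", "manager"})
    public void transfer(String from, String to, BigDecimal amount) {
        if (amount == null || amount.signum() <= 0) {
            throw new IllegalArgumentException("amount must be positive");
        }
        if (amount.compareTo(TELLER_LIMIT) > 0 && !ctx.isCallerInRole("manager")) {
            // Caller identity comes from the container, never from a parameter.
            String caller = ctx.getCallerPrincipal().getName();
            throw new EJBAccessException(caller + " may not transfer more than " + TELLER_LIMIT);
        }
        if (getBalance(from).compareTo(amount) < 0) {
            throw new IllegalStateException("insufficient funds");
        }
        BALANCES.merge(from, amount.negate(), BigDecimal::add);
        BALANCES.merge(to, amount, BigDecimal::add);
    }
}
```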
