Chapter 7 Security
325
logic of the application separate from the security logic, thus making it easier for the deployer to understand and change the access policy without tampering with the application code. Generally, programmatic security is hard to maintain and enhance, and it is not as portable as declarative security. Security programming is complex and difficult to write correctly, and code that merely looks secure gives a false sense of security. Use programmatic mechanisms for access control only when extra flexibility is required.
• If you have multiple Web tier endpoints with varying authentication requirements, consider bundling them in different .war files. An application (deployed within an .ear file) may use multiple Web service endpoints, and these endpoints may require different authentication: some may require HTTP basic authentication, others a client certificate. Since a web.xml file can have only one type of authentication associated with its login configuration (at most one login-config element, with a single auth-method), you cannot put endpoints that require different authentication in a single .war file. Instead, group endpoints into .war files based on the type of client authentication they require. Because the J2EE platform permits multiple .war files in a single .ear file, you can package all of these .war files in the application .ear file.
• Provide security policy descriptions in addition to those that the standard WSDL file provides. The WSDL file is required to publish only a Web service's HTTPS URL; it has no standard annotation describing whether the service endpoint requires basic or mutual (client-certificate) authentication. Use the description elements of the deployment descriptor to make known the security requirements of your endpoints.
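The following descriptors are an added example, not code from the book, showing how the two preceding points fit together: two web.xml files, one per .war, each with a single login-config and a description element stating the authentication the module requires, plus the application.xml that packages both modules in one .ear file. The module names, context roots, servlet and implementation class names, realm name and role names are assumptions chosen for illustration.

```xml
<!-- Constructed example: three descriptor files from one hypothetical .ear -->

<!-- File 1: basicauth.war/WEB-INF/web.xml  (endpoints using HTTP basic auth) -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                             http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">
  <!-- The WSDL carries no security annotation, so state the policy here. -->
  <description>
    All endpoints in this module require HTTP basic authentication
    (realm "orders") and must be called over HTTPS.
  </description>
  <servlet>
    <servlet-name>OrderStatusEndpoint</servlet-name>
    <servlet-class>com.example.orders.OrderStatusImpl</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>OrderStatusEndpoint</servlet-name>
    <url-pattern>/OrderStatus</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>order status endpoint</web-resource-name>
      <url-pattern>/OrderStatus</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>customer</role-name>
    </auth-constraint>
    <!-- CONFIDENTIAL forces HTTPS; basic auth only Base64-encodes credentials. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <!-- Exactly one login-config per web.xml: this whole .war is BASIC. -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>orders</realm-name>
  </login-config>
  <security-role>
    <role-name>customer</role-name>
  </security-role>
</web-app>

<!-- File 2: certauth.war/WEB-INF/web.xml  (endpoints using client certificates) -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <description>
    All endpoints in this module require mutual SSL: the caller must present
    a client X.509 certificate mapped to the "partner" role.
  </description>
  <servlet>
    <servlet-name>PartnerOrderEndpoint</servlet-name>
    <servlet-class>com.example.partners.PartnerOrderImpl</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>PartnerOrderEndpoint</servlet-name>
    <url-pattern>/PartnerOrder</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>partner order endpoint</web-resource-name>
      <url-pattern>/PartnerOrder</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>partner</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <!-- A different auth-method, so these endpoints live in their own .war. -->
  <login-config>
    <auth-method>CLIENT-CERT</auth-method>
  </login-config>
  <security-role>
    <role-name>partner</role-name>
  </security-role>
</web-app>

<!-- File 3: META-INF/application.xml of the .ear, packaging both modules -->
<application xmlns="http://java.sun.com/xml/ns/j2ee" version="1.4">
  <display-name>OrdersApp</display-name>
  <module>
    <web>
      <web-uri>basicauth.war</web-uri>
      <context-root>/orders</context-root>
    </web>
  </module>
  <module>
    <web>
      <web-uri>certauth.war</web-uri>
      <context-root>/partners</context-root>
    </web>
  </module>
</application>
```

A web.xml may contain at most one login-config, and an auth-method holds a single value, so a second authentication type for the same module has nowhere to go; the container rejects a descriptor that tries. The CONFIDENTIAL transport guarantee matters most for the BASIC module, since basic authentication only Base64-encodes the username and password in the Authorization header and relies on the transport for confidentiality.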
• Be careful with username and password information, because these properties can create a vulnerability when you configure a client component to use HTTP basic authentication. Username and password are sensitive security data, and the security of your system is compromised if they become known to the wrong party. Basic authentication sends them with each request only Base64-encoded, not encrypted, so the client must use it only over HTTPS. Do not store username and password values in the application code or the deployment descriptor, and if deployment descriptors do include a username and password, be sure to store the descriptors in a secure manner, for example with file permissions that restrict who can read them.
• Consider using a guarding component between the interaction and processing layers. Set up an application accessor component with security attributes and place it in front of the set of components that require protection. Then allow access to that set of components only through the guarding (front) component, so that no caller can reach a protected component without passing the guard's checks.