<H1>Topics for Java EE Tutorial</H1>
<B>Advanced Topics in Security (Volume 2)</B>

<I>This
section (Security) covers topics not described in Volume 1: in
effect, more advanced topics, or topics that discuss ways to secure
applications that don't mesh with the way we want developers to secure
applications (e.g., deployment descriptor only).</I>

<P>Refer to the security chapters in the Java EE 5 Tutorial for information on existing content.

<P>The outline for Vol. 1 (basic security) can be viewed here.

<H2>Chapter: Advanced Topics in Security
for Java EE</H2>

<OL>
<LI>Introduce Topics Discussed in this
Chapter
<LI>Deployment Descriptors
<OL>
<LI> Application Deployment
Descriptor
<LI> Runtime Deployment Descriptor
</OL>

</OL>

<H2>Chapter: Securing Enterprise
Applications: Advanced Topics</H2>

<OL>
<LI>Securing Enterprise Beans Using
Deployment Descriptors
<OL>
<LI>Configuring security in
ejb-jar.xml
<OL TYPE=a>
<LI>Defining a Security View
<LI>Declaring Security Roles using
security-role-ref element
<LI> Defining Security roles with
security-role and role-name
<LI>Linking Security role references
to security roles using role-link
<LI>Specifying Method Permissions
using method-permission element
<LI>Propagating Security Identity
using run-as

</OL>
<LI>Configuring security in
sun-ejb-jar.xml
<OL TYPE=a>
<LI> Specifying an authentication
mechanism by configuring the IOR using login-config
<LI>Mapping Security Roles to App
Server Groups using security-role-mapping
</OL>
<LI> Configuring IOR security in
sun-ejb-jar.xml
<OL TYPE=a>
<LI>transport-config
<UL>
<LI>SSL
<LI> ...
</UL>
<LI>as-context
<LI>sas-context
</OL>
<LI>Deploying Secure Enterprise Beans
<LI>Example Applications using EJBs
and deployment descriptors
</OL>
<LI>Securing EIS Applications
<OL>
<LI>Container-managed sign-on

<LI> Component-managed sign-on with

<LI>Configuring Resource Adapter
Security
<LI> Mapping an Application Principal
to EIS Principals
</OL>
<LI>Example Applications that ship
with GlassFish
<LI>Links
</OL>

<H2>Chapter: Using Deployment Descriptors
with Web Applications</H2>

<OL>
<LI>Working
with Roles
<OL>
<LI>Declaring
Security Roles
<LI>Specifying
Security Roles
<LI>Mapping
Security Roles to GlassFish Groups
<LI>Checking
Caller Identity Programmatically (remind from basic book)
<OL TYPE=a>
<LI>getRemoteUser
<LI>isUserInRole
<LI>getUserPrincipal
</OL>
<LI>Declaring
and Linking Role References
<OL TYPE=a>
<LI>Declaring
Roles
</OL>
</OL>
<LI>Declaring
Security Requirements Using Deployment Descriptor Elements instead of
Annotations
<OL>
<LI> Why
would you do this?
<LI> Security
elements in web.xml

<OL TYPE=a>
<LI>security-role-ref
<LI>security-role
<LI>security-constraint
<UL>
<LI>web-resource-collection
<LI>auth-constraint
<LI>user-data-constraint
<UL>
<LI>transport-guarantee
</UL>
<LI>Specifying
Security Constraints for Different Resources
</UL>
<LI>login-config
<UL>
<LI>auth-method
(ref to next section for descriptions)
<LI> ...
</UL>

<LI> Security
elements in sun-web.xml

</OL>
</OL>
</OL>

<H2>Chapter: Examples Demonstrating
Advanced Concepts</H2>

<OL>
<LI>Some of the examples from Volume
1, just with deployment descriptors instead of annotations?
<LI>Securing a RESTful web service
<LI>Proposed: End-to-End Security
Application
<OL>
<LI> Java SE Security
(http://java.sun.com/javase/6/docs/technotes/guides/security/)
<OL TYPE=a>
<LI>policy permissions
<LI>JCA
<LI>security managers
</OL>
<LI> Developer Security (from GF Dev
Guide)
<LI> Transport Security

<LI> Java EE Security (annotations
and deployment descriptor)
<LI> GlassFish Security (from GF
Admin Guide)
<LI> Any Other Layers/Pieces???
</OL>
</OL>