J2EE Security

 
Scott Guo
Hi All,

While preparing for the SCEA exam, since security is an important non-functional aspect in J2EE, I need to provide some comments or exhibit on this. There is not much security experience in my past work, so could you give some suggestions on enterprise application security?

Two aspects I could apply for now:
SSL
Authorization by J2EE on Web and EJB

Thanks a lot!

Scott
 
Ulf Dittmer
The Security FAQ has some links that may get you started. In particular, the Java Security Evolution and Concepts series, and maybe some of the other articles as they relate to your project, e.g. the Guide to Building Secure Web Applications if it's a web app.
 
Ryan Day
I am interested in this topic, thanks for the resources you referenced.

At the risk of repeating a question that has been asked before, can you point me to information on a framework or set of reusable components that addresses the tasks that are normally required on a J2EE website with user logins? I'm thinking of:
- allowing users to create their own login (would be stored in JDBC realm in MySQL database)
- allowing users to have their passwords reset and mailed to them

I'm assuming those are generic enough tasks that someone has implemented something reusable. Not asking you to solve it here, just point me in the right direction.
 
Ulf Dittmer
Ryan,

You'd think that this is common enough for someone to make an open source project out of it, but to my knowledge, there isn't one. But when you look at it, it's just a few JSP pages, which need to be adapted anyway for the look and feel of the web site (and possibly for the form fields they contain), so it's not much more work to create this from scratch.
 
Ryan Day
Thanks for your replies, Ulf, they've been very helpful. When you say just a few JSP pages, let's see if we are thinking of the same tasks.

Based on how I see other web sites work, I'm assuming the view would ask the model to actually reset the password in the security realm (e.g. a JDBC realm like MySQL) and then the view would email the temporary login information to the email address they already store for that user. And I guess you could track whether the user has to reset the password next time.

Does that sound about right?
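
The reset flow described in the last post, sketched as an added example that is not part of the original thread or any poster's code. Assumptions: the class and field names are hypothetical, an in-memory map stands in for the JDBC realm's user table, the credential is stored as a salted PBKDF2 hash rather than in clear text, and the mail step is reduced to returning the temporary password to the caller.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical model-layer service; the Map stands in for the realm's user table.
public class PasswordResetService {
    static final class Account { String email; byte[] salt, hash; boolean mustChange; }

    final Map<String, Account> users = new HashMap<>();
    private final SecureRandom rng = new SecureRandom();

    // Replaces the stored credential, flags the account, returns the temp password for the mailer.
    public String reset(String user) throws Exception {
        Account a = users.get(user);
        if (a == null) throw new IllegalArgumentException("unknown user");
        byte[] raw = new byte[12];
        rng.nextBytes(raw);                       // 96 bits from a CSPRNG, not java.util.Random
        String temp = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        a.salt = new byte[16];
        rng.nextBytes(a.salt);                    // fresh salt for every reset
        a.hash = derive(temp, a.salt);            // only the hash is stored
        a.mustChange = true;                      // force a change at next login
        return temp;
    }

    public boolean login(String user, String password) throws Exception {
        Account a = users.get(user);
        return a != null && a.hash != null
            && MessageDigest.isEqual(a.hash, derive(password, a.salt)); // constant-time compare
    }

    private static byte[] derive(String pw, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw.toCharArray(), salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    public static void main(String[] args) throws Exception {
        PasswordResetService svc = new PasswordResetService();
        Account acct = new Account();
        acct.email = "ryan@example.test";         // constructed sample account
        svc.users.put("ryan", acct);
        String temp = svc.reset("ryan");
        System.out.println("mail to " + acct.email + ": " + temp);
        System.out.println("login ok: " + svc.login("ryan", temp) + ", must change: " + acct.mustChange);
    }
}
```

The hash format has to match whatever digest the container's realm is configured to verify, so the `derive` step here is a placeholder for that scheme.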
 