This week's book giveaways are in the Java EE and JavaScript forums.
We're giving away four copies each of The Java EE 7 Tutorial Volume 1 or Volume 2(winners choice) and jQuery UI in Action and have the authors on-line!
See this thread and this one for details.
The moose likes Security and the fly likes Good book on Authorization/Authentication/Encryption for Web Services Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Good book on Authorization/Authentication/Encryption for Web Services" Watch "Good book on Authorization/Authentication/Encryption for Web Services" New topic
Author

Good book on Authorization/Authentication/Encryption for Web Services

Siegfried Heintze
Ranch Hand

Joined: Aug 11, 2000
Posts: 381
I was disappointed that there was not better coverage of Authorization/Authentication/Encryption for Web Services in "Spring In Action" and "Roo in Action".
I assume JAAS has some of these features. Can someone recommend a good resource, a book perhaps, that explains JAAS basic/digest, X509 Certificates, SSL, various standards for passing credentials, and other concerns with putting a REST or XML Web service behind a pay wall? Why are these topics not covered in books on Spring? Do I need to look in EJB books? Do I need to look in Web Server books like the Tomcat book? Where should I look?

I'm developing an public API for some proprietary algorithms I want to put behind a pay wall. I need to selected a vitalization service like Amazon S3 or Azure to host it and I would like to see a discussion of my various options (besides sending passwords as clear text with Basic authentication).

Thanks
Siegfried
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Good book on Authorization/Authentication/Encryption for Web Services