Author Masoud Kalali sets out to teach users of the open source GlassFish application server how to secure Java EE artifacts (like Servlets and EJB methods), configure and use GlassFish JAAS modules, and establish environment and network security using this practical guide filled with examples.
"GlassFish Security" takes a programmatic approach to understand Java EE and GlassFish security. Inspired from real development cases, this practical guide shows you how to secure a GlassFish installation and how to develop applications with secure authentication based on GlassFish, Java EE, and OpenSSO capabilities.
This 296-page publication gives readers an introduction to Java EE security in Web, EJB, and Application Client modules as well as the Security Realms provided in GlassFish for the authentication and authorization setup. Kalali then goes through the steps of developing a completely secure Java EE application with Web, EJB, and Application Client modules.
Readers will find instructions on setting up, configuring, and extending GlassFish security, starting from installation and operating environment security, listeners and password security, through policy enforcement, to auditing and developing new auditing modules.
Kalali offers a chapter on OpenDS discussing how to install and administrate OpenDS. Then, in the third part of the book, he guides readers through OpenSSO features, installation, configuration, and how you can use it to secure Java EE applications in general and web services in particular. Identity Federation and SSO are discussed in the last chapter of the book along with a working sample.
Software Engineer Frank Kieviet, a former a senior staff engineer at Sun, shared his experience working through the book, writing "It should be possible to read this book like an encyclopedia. I went back in time and tried to remember all the times that I have had anything to do with security in GlassFish and checked what the book had to say about it ... The book would have saved me a lot of time had I had it at the time when I needed it. If you're using GlassFish, this book belongs on your bookshelf!"
Written for application designers, developers, and administrators, it is expected readers will learn the following key points from this book:
- Develop secure Java EE applications including Web, EJB, and Application client modules.
- Reuse the security assets you have by learning GlassFish security realms in great details along with the sample for each realm.
- Secure GlassFish installation including operating system security and JVM policy configuration.
- Secure Java EE applications using OpenSSO and set up Single Sign-On (SSO) between multiple applications.
- Secure web services using Java EE built-in features, OpenSSO and WS-Security.
- Secure network listeners and passwords using GlassFish provided facilities.
- Learn using OpenSSO services, SDKs, and agents to secure Java EE enterprise applications including Web Services.
- Learn using OpenDS both as administrator and as an LDAP solution developer.
- All command lines and more than 90% of the book content applies for both GlassFish 3.x and 2.x.
"GlassFish Security" - PACKT Publishing
The Oracle GlassFish Server Advantage for Small Businesses
"Ready for Business: Oracle GlassFish Server"
The GlassFish Channel is Now Live
Oracle GlassFish Server Released - Community and Commercial Versions (Version 3.0.1)
Read More ...