
Blogs by topic: Security



JavaOne

There is one talk I would like to comment on today: "Don't Be Pwned: A Very Short Course on Secure Programming in Java". This talk, presented by Robert Seacord and Dean Sutherland from SEI/CERT, was the scariest Java talk I have ever been to. Do you believe the software you write is secure enough? Believe it or not, I suggest you take some time...
on Oct 4, 2011

Security

Cross-site request forgery (CSRF) is a malicious attack that exploits the trust a site places in a user's browser. As an example, a user may be tricked into invoking a URL that performs a bank transaction, either by clicking on the URL or by loading it through an <img> tag. In GlassFish 3.1.1, there is a CSRF prevention filter, org.apache.catalina.filters.CsrfPreventionFilter, which is based on Tomcat 7. The...
on May 31, 2011
Single Sign On allows web applications to share the same authentication state. GlassFish v2 supports virtual server level Single Sign On (SSO). Web applications with the same authentication realm in a given virtual server can share the authentication state in GlassFish v2. GlassFish 3.1 supports SSO failover at cluster level. So one has high availability for Single Sign On in a virtual server of...
on Mar 1, 2011
This entry discusses file permission and file attribute support in NIO.2 (JSR-203), which will be part of JDK 7. In this entry you can learn how to read file attributes like creation date and size, and permissions like the execute, read and write flags.
on Jun 23, 2010
This is a rather long article covering OpenESB (Open ESB) administration and management, along with a complete sample application that shows how to develop solutions based on OpenESB.
on May 24, 2010
In this entry we discuss what Application Server Management Extension (AMX) and Java Management Extensions (JMX) are, how we can use them to develop custom administration, management and monitoring solutions for GlassFish v3. The article contains tens of diagrams and samples.
on Apr 6, 2010
During implementation of NTLM authentication in our application, I wanted to achieve failover to a standard login page (HTML form) if NTLM authentication fails.
on Mar 25, 2010
Secure Applications with GlassFish V3 Embedded Mode
on Mar 25, 2010
I've migrated code from spring-security 2.0.5 to be able to use NTLM on spring-security 3.0.2. NTLM is no longer officially supported by SpringSource, but after some refactoring I was able to use NTLM without problems.
on Mar 21, 2010
This article shows how we can use Spring Security and Spring remoting together to create a Spring Service in a Web application, secure it using Spring Security and later on invoke it from a Java SE application.
on Mar 18, 2010
This blog shows the steps to create a CSR (certificate signing request), send it to GoDaddy to get it signed, and finally install it in the GlassFish application server.
on Mar 1, 2010

Community

In JUG-AFRICA we started an Open Source project to manage the BIG ANNUAL EVENTS for our JUGs. The first release will be available in the early second half of January. The application will provide a lot of services via the REST Web services.
on Jan 2, 2011
The GlassFish security book authored by Masoud Kalali and published by Packt is now available for purchase. The book covers GlassFish, Java EE 6, OpenSSO and OpenDS.
on May 13, 2010

Accessibility

The www.abelski.com web site offers free (for personal and academic usage) courses about various topics in software development. The site focuses on Java technologies.
on Oct 4, 2010

EJB

I decided to write down the answers to some questions which my book's readers email me or ask me via Twitter in my weblog so everyone can benefit from the answers. Here is the answer to the first question, which involves custom security realms. GlassFish supports 5 types of security realms out of the box, which are as follows: File Realm: Useful for development and testing purposes. GlassFish...
on May 18, 2010
The Java EE Security refcard is available for download. This refcard covers Java EE 6 security and discusses how each application server supports the specs. The refcard covers authentication, authorization, and transport security in Web applications, EJB applications and web services by introducing each concept and the related annotations and deployment descriptors which help us realize it.
on May 17, 2010
This is the second part of a larger setup which explains how to extend the GlassFish CLI (command line interface, asadmin functionalities) and the GlassFish Administration Console (Web Console). This second part assumes that you have read the first part and are ready to get your hands dirty with the coding and deployment.
on Mar 29, 2010

Linux

There are several ways to enable user authentication for web-based applications, like .htaccess files, plain text files, databases, LDAP, etc. They all have their pros and cons. In case a central, flexible solution is needed, either a database or LDAP solution can be used. I chose an LDAP solution since it can be reused by many web and application servers and the applications that run on...
on Mar 15, 2010