Blogs by topic: Security
JavaOne

There is one talk I would like to comment on today: "Don't Be Pwned: A Very Short Course on Secure Programming in Java".
This talk, presented by Robert Seacord and Dean Sutherland from SEI/CERT, was the scariest Java talk I have ever been to.
Do you believe the software you write is secure enough? Believing it or not, I suggest you take some time...
Security
Cross-site request forgery (CSRF) is a malicious attack that exploits the trust a site places in a user's browser. As an example, a user may be tricked into invoking a URL that performs a bank transaction, either by clicking on the URL or by loading it through an <img> tag.
In GlassFish 3.1.1, there is a CSRF prevention filter, org.apache.catalina.filters.CsrfPreventionFilter, which is based on Tomcat 7.
The...
Single Sign On allows web applications to share the same authentication state.
GlassFish v2 supports virtual server level Single Sign On (SSO). Web applications with the same authentication realm in a given virtual server can share the authentication state in GlassFish v2.
GlassFish 3.1 supports SSO failover at cluster level. So one has high availability for Single Sign On in a virtual server of...

This entry discusses file permission and file attribute support in NIO.2 (JSR-203), which will be part of JDK 7. In this entry you can learn how to read file attributes like creation date and size, and permissions like the execute, read and write flags.

This is a rather long article covering OpenESB (Open ESB) administration and management, along with a complete sample application that shows how to develop solutions based on OpenESB.

In this entry we discuss what Application Server Management Extensions (AMX) and Java Management Extensions (JMX) are, and how we can use them to develop custom administration, management and monitoring solutions for GlassFish v3. The article contains tens of diagrams and samples.
During implementation of NTLM authentication in our application, I wanted to achieve failover to a standard login page (HTML form) if NTLM authentication fails.

Extending GlassFish Certificate Realm

Secure Applications with GlassFish V3 Embedded Mode
I've migrated code from spring-security 2.0.5 to be able to use NTLM on spring-security 3.0.2. NTLM isn't officially supported anymore by SpringSource, but after some refactoring I was able to use NTLM without problems.

This article shows how we can use Spring Security and Spring Remoting together to create a Spring service in a web application, secure it using Spring Security, and later on invoke it from a Java SE application.

This blog shows the steps to create a CSR (certificate signing request), send it to GoDaddy to get it signed, and finally install it in the GlassFish application server.
Community

In JUG-AFRICA we started an Open Source project to manage the BIG ANNUAL EVENTS for our JUGs. The first release will be available in the early second half of January.
The application will provide a lot of services via REST web services.

The GlassFish security book authored by Masoud Kalali and published by Packt is now available for purchase. The book covers GlassFish, Java EE 6, OpenSSO and OpenDS.
Accessibility
The www.abelski.com web site offers free (for personal and academic usage) courses about various topics in software development. The site focuses on Java technologies.
EJB

I decided to write down the answers to some questions which my book's readers email me or ask me via Twitter in my weblog, so everyone can benefit from the answers. Here is the answer to the first question, which involves custom security realms.
GlassFish supports 5 types of security realms out of the box, which are as follows:
File Realm: Useful for development and testing purposes. GlassFish...

The Java EE Security refcard is available for download. This refcard covers Java EE 6 security and discusses how each application server supports the specs. The refcard covers authentication, authorization, and transport security in web applications, EJB applications and web services by introducing each concept and the related annotations and deployment descriptors that help us realize it.


This is the second part of a larger series which explains how to extend the GlassFish CLI (command line interface, asadmin functionalities) and the GlassFish Administration Console (Web Console). This second part assumes that you have read the first part and are ready to get your hands dirty with the coding and deployment.
Linux

There are several ways to enable user authentication for web-based applications, like .htaccess files, plain text files, databases, LDAP, etc. They all have their pros and cons. In case a central, flexible solution is needed, either a database or an LDAP solution can be used.
I chose an LDAP solution since it can be reused by many web and application servers and the applications that run on...