Chapter 5 - Web Application Security
Overview of Web Application Security
Web components provide the dynamic extension capabilities for a web server. Web components can provide Java servlets or JavaServer Faces pages. The interaction between a web client and Java Web Application Request Handling.
Java Web Application Request Handling:
Web application security can be configured when the application is installed, or deployed, to the web container. Deployment descriptors are used to relay information to the deployer about security and other aspects of the application.
Specifying this information in annotations or in the deployment descriptor helps the deployer set up the appropriate security policy for the web application.
Security for Java EE web applications can be implemented in the following:
• Declarative security: Implemented using either metadata annotations or an application’s deployment descriptor. Declarative security for web applications is described in Securing Web Applications.
• Programmatic security: Embedded in an application and used to make security decisions when declarative security alone is not sufficient to express the security model of an application.
• Message security: Works with web services and incorporates security features, such as digital signatures and encryption, into the header of a SOAP message. It works in the application layer, ensuring end-to-end security.
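The servlet below is an added example, not code from the original chapter, showing declarative and programmatic security working together: the annotation lets the container enforce roles and a confidential transport, while the method body makes an ownership decision that a role constraint alone cannot express. The URL pattern, the role names and the owner parameter are assumptions made for illustration.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Declarative part: before doGet runs, the container authenticates the caller,
// requires the "employee" or "manager" role (hypothetical role names) and
// requires a confidential (TLS-protected) transport for this URL.
@WebServlet("/timesheet") // hypothetical URL pattern
@ServletSecurity(@HttpConstraint(
        rolesAllowed = {"employee", "manager"},
        transportGuarantee = TransportGuarantee.CONFIDENTIAL))
public class TimesheetServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        Principal caller = req.getUserPrincipal();
        if (caller == null) {
            // Defensive: should not happen while the constraint above is active.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        String owner = req.getParameter("owner"); // hypothetical parameter
        if (owner == null || owner.isEmpty()) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // Programmatic part: "employees may read only their own timesheet,
        // managers may read any" depends on request data, so it is decided here.
        boolean isOwner = owner.equals(caller.getName());
        if (!isOwner && !req.isUserInRole("manager")) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        resp.setContentType("text/plain;charset=UTF-8");
        // The request parameter is deliberately not echoed into the response.
        resp.getWriter().println("Timesheet access granted.");
    }
}
```

The same role and transport constraints could instead be declared in the deployment descriptor; the ownership check would still have to stay in code.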
Overview of Web Application Security in Java