7.4 Implementing a Secure Authentication and Authorization System for a Java Web Application
7.4.1 Java Security Overview
Before we dive deep into the authentication and authorization environment of the Java Platform,
it would be prudent to take a couple of steps back to define and describe the overall security
architecture of the Java Platform.
The new Java Platform's security model has evolved over a decade, and it takes care of many of
the important security concepts of application development. They are granular access control,
configurable security policy, extensible access control, and extension of security checks to
all Java applications, including applets. The overall security model of the new Java Platform
is illustrated in Figure 7.1.
There are many components that make up the security architecture of the new Java Platform.
The most important of them are the following: platform security, cryptography, and public key
infrastructure, Secure Sockets communication, logging, and secure coding practices.* The overall
security model of the new Java is shown in Figure 7.2.
[Figure 7.1: The new Java Platform security model. Diagram labels: Local or Remote Code (Signed or not); Security Policy; Class Loader; Sandbox; JVM; Valuable Resources (Files, etc.)]
* Sun Microsystems does not include logging and secure coding practices as a part of the Java Platform,
Enterprise Edition architecture. However, we feel that these components are important enough to be considered
a part of overall Web application security under other considerations.