7.5 Summary
Access control mechanisms form the perimeter protection of a Web application. Access control, taken as a whole, rests on three elements: authentication (establishing who the user is), authorization (deciding what that user may do), and the enforcement of those decisions on each request. In this chapter, we examined each of these concepts and showed how they combine to define access control. We explored the intricacies of authentication by examining the factors of authentication (something the user knows, has, or is). We then focused on authorization and access control enforcement, and went on to the access control models, defining discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC). Next, we looked at Web application attacks that target access control; attacks such as session fixation and forced browsing were illustrated with examples. Best practices for Web application authentication, authorization, session management, and password management were explored, and the security compliance requirements relating to access control were discussed in detail. The second section of the chapter dealt with the implementation of a strong access control mechanism for a Java Web application. After an overview of the Java security model, the key authentication and authorization classes and methods of the Java Authentication and Authorization Service (JAAS) were discussed. The various JAAS classes, interfaces, and methods were covered in detail and exemplified.
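The following servlet ties together two of the points recapped above: it authenticates the user through the JAAS LoginContext/CallbackHandler API and then applies the session fixation defence from the session management best practices, issuing a fresh session identifier only after the credentials have been verified. It is an added example written for this summary, not code from the book; the JAAS configuration entry name "WebAppLogin", the form parameter names, and the "/home" redirect target are assumptions, and the entry must exist in the login configuration file named by the java.security.auth.login.config system property.

```java
import java.io.IOException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Login servlet that authenticates through JAAS and then rotates the
 * HTTP session so that a session ID planted by an attacker before login
 * (session fixation) is never promoted to an authenticated session.
 */
public class LoginServlet extends HttpServlet {

    // Assumed name of the entry in the JAAS login configuration.
    private static final String JAAS_ENTRY = "WebAppLogin";

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String user = req.getParameter("username");
        String pass = req.getParameter("password");
        if (user == null || pass == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        Subject subject;
        try {
            LoginContext lc = new LoginContext(JAAS_ENTRY,
                    new FormCallbackHandler(user, pass.toCharArray()));
            lc.login();                // runs the LoginModules configured for JAAS_ENTRY
            subject = lc.getSubject(); // authenticated Subject with its Principals
        } catch (LoginException e) {
            // One generic failure response for unknown user and wrong password,
            // so the login form cannot be used to enumerate valid usernames.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Session fixation defence: discard whatever session the browser
        // presented before authentication and start a brand-new one.
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        HttpSession session = req.getSession(true);
        session.setMaxInactiveInterval(15 * 60); // 15-minute idle timeout
        session.setAttribute("authenticatedSubject", subject);

        resp.sendRedirect(req.getContextPath() + "/home"); // assumed landing page
    }

    /** Feeds the submitted form credentials to the LoginModules via JAAS callbacks. */
    private static final class FormCallbackHandler implements CallbackHandler {
        private final String name;
        private final char[] password;

        FormCallbackHandler(String name, char[] password) {
            this.name = name;
            this.password = password;
        }

        @Override
        public void handle(Callback[] callbacks)
                throws IOException, UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(name);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb, "Unsupported callback type");
                }
            }
        }
    }
}
```

Invalidating the old session and creating a new one is the portable approach; on a Servlet 3.1 or later container, HttpServletRequest.changeSessionId() rotates the identifier while keeping the session's attributes, which is convenient when pre-login state (such as a shopping cart) must survive authentication. Whichever is used, the rotation has to happen after lc.login() succeeds and before any attribute marks the session as authenticated; doing it earlier leaves the window that session fixation exploits.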