Java Reference
In-Depth Information
Java Database Connectivity (JDBC): The Java Database Connectivity API allows Web
and enterprise Java applications to access relational databases and perform the usual Create,
Read, Update, and Delete (CRUD) operations.
Java API for XML Processing (JAXP): These APIs of the Java Enterprise Edition technologies
allow parsing and processing of text-based XML documents.
Enterprise JavaBeans (EJB) and Java Persistence API (JPA): EJBs are server-side business-oriented
components that are helpful in managing the business logic and even data access capabilities.
J2EE Connector Architecture (JCA): Tool vendors and system integrators use JCA to create
resource adapters that support access to enterprise information systems that can be plugged
in to any enterprise Java-based product.
Java Authentication and Authorization Service (JAAS): JAAS provides a means for Java-based
Web applications to authenticate and authorize a specific user or group of users to
access the applications and the resources associated with them.
Java API for XML Registries (JAXR): The JAXR technology of Java EE allows
access to public and/or private business registries over the Web.
Java Architecture for XML Binding (JAXB): The JAXB technology of Java EE provides
a convenient way to bind an XML schema to a representation in Java Web applications.
Java Transaction API (JTA): JTA provides a standard interface for demarcating transactions
in Web and enterprise applications created using enterprise Java.
1.4 Security in Java Web Applications
Web applications contain information and resources that can be accessed by many users. These
resources lie on the server side and often traverse open networks, such as the Internet, unprotected.
In such an environment, every Web application that accesses this information and these resources
requires security for using them. The Java Platform, Enterprise Edition
technology provides a very simple and elegant way to develop, deploy, and manage the life cycle of
enterprise applications through the container-component relationship. The containers are created by
the container (or server) providers, and they are governed by the service provider interfaces (SPI) of
Java EE technology. The developers, using the Java EE APIs, create, arrange, and organize the
components in a specific way to form a Web or enterprise application and deploy them in the containers.
This enables the containers to handle the Web application life cycle in an elegant way. Securing the
Web application, therefore, reduces to securing the containers and components. The ways to
implement security for Java Web applications are discussed in a general way in securing containers. Java
Web security services can be implemented for Web applications in the following ways:
Metadata annotations are used to specify information about security within a Web application
Java class file. When the application is deployed on the Web, this information can either be used
by or be overridden by the application deployment descriptors of the Java Web application.
Declarative security for a Web application is provided by a deployment descriptor. Declarative
security expresses an application's security structure, including security roles, access control,
and authentication requirements, in a deployment descriptor. These deployment descriptors
are external to the application and are not a part of the Web application itself. Any values
explicitly specified in the deployment descriptor override any values specified in the
annotations coded into the application.
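
The two mechanisms above, side by side, as an added example that is not from the book: a servlet secured with metadata annotations, followed by a deployment-descriptor fragment that overrides it. It assumes a Servlet 3.0 or later container (javax.servlet); the class name, URL pattern, and role names are hypothetical.

```java
import java.io.IOException;
import javax.annotation.security.DeclareRoles;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.HttpMethodConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Annotation-based security: any "employee" or "manager" may use the servlet,
// but only a "manager" may POST. Both paths require TLS (CONFIDENTIAL).
@WebServlet("/payroll")                       // hypothetical URL pattern
@DeclareRoles({"employee", "manager"})        // hypothetical role names
@ServletSecurity(
    value = @HttpConstraint(rolesAllowed = {"employee", "manager"},
                            transportGuarantee = TransportGuarantee.CONFIDENTIAL),
    httpMethodConstraints = @HttpMethodConstraint(value = "POST",
                            rolesAllowed = {"manager"},
                            transportGuarantee = TransportGuarantee.CONFIDENTIAL))
public class PayrollServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // Reached only after the container has authenticated the caller and checked the role.
        resp.setContentType("text/plain");
        resp.getWriter().println("Payroll view for " + req.getRemoteUser());
    }
}

/* WEB-INF/web.xml fragment (declarative security). Because its url-pattern is an
   exact match for the servlet's mapping, the container enforces this constraint
   and the @ServletSecurity annotation above has no effect on /payroll: every
   method, GET included, is now limited to "manager". When reviewing access
   control, read the descriptor first, since it is the one that wins.

<security-constraint>
  <web-resource-collection>
    <web-resource-name>payroll</web-resource-name>
    <url-pattern>/payroll</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>manager</role-name></auth-constraint>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint>
<login-config><auth-method>BASIC</auth-method></login-config>
<security-role><role-name>manager</role-name></security-role>
*/
```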