Java Reference
In-Depth Information
Introduction to Security
The need for security has increased as the Internet's traffic has increased. Every day more peo-
ple are transferring their credit card numbers or other confidential information over the
Internet. If these transfers are not secured, they are exposed to just about any evildoer with a
network connection. In this chapter, we will cover some of the more common security methods
from rolling your own to Secure Sockets Layer (SSL).
One of the key benefits of servlets is that they inherit the security of the server, without any
additional effort on your part. They are protected because they are resources of the server.
Roll Your Own
The first security method we will discuss is probably the worst method, but at the same time
probably safe enough if you are protecting non-vital information.
In your homegrown version of security, you are going to use a basic form to query the user for
an ID and password. When you have the request, parse off the ID/password combination and
do a lookup to make sure that the user is approved for access. When you have approval, add
the ID to the user's
HttpSession
object as proof of approval for future transactions. Listing 9.1
contains the servlet code for this example.
L
ISTING
9.1
RollYourOwnSecurityServlet
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import java.util.*;
public class RollYourOwnSecurityServlet extends HttpServlet {
public void init(ServletConfig config)
throws ServletException {
super.init(config);
}
private boolean validateUser(String id, String password) {
// This is a dummy method. If you really implement
// a method like this, you will need to store id/password
// combinations somewhere else and they should also be
// encrypted.
return true;
