Chapter 9. Security
We will finish up our project by securing it with Java EE solutions. But first, we will
analyze the improvements in the relevant APIs. This chapter focuses on JASPIC 1.1.
The Java Authentication SPI for Containers (JASPIC) Specification was developed
under JSR 196. This section just gives you an overview of improvements in the API.
For more information, the complete document specification can be downloaded from
Secure access to forms
Also called JASPI, the JASPIC Specification defines a set of standard interfaces for
the development of authentication modules, which allow secure access to web
resources (Servlets, JSP, and so on), among others. Generally speaking, the JASPIC
Specification was designed for message-level security; this means that JASPIC
modules are meant to be integrated into message-processing containers and thus offer
a transparent security mechanism for protocols such as SOAP and HttpServlet.
Implementing an authentication module
If you don't want to use a predefined authentication module, the JASPIC
Specification allows you to develop your own modules. This requires implementing the
javax.security.auth.message.module.ServerAuthModule interface. For
reasons that we will explain later, you may need to implement the following interfaces: