Chapter 7 Security
logic of the application separate from the security logic, thus making it easier for the deployer to understand and change the access policy without tampering with the application code. Generally, programmatic security is hard to maintain and enhance, plus it is not as portable as declarative security. Security programming is complex and difficult to write correctly, leading to a false sense of security. Use programmatic mechanisms for access control only when extra flexibility is required.
• If you have multiple Web tier endpoints with varying authentication requirements, consider bundling them in different .war files. An application (deployed within an .ear file) may use multiple Web service endpoints. It is possible that you may require different authentication for these endpoints: some endpoints may require basic authentication, others may require a client certificate. Since a web.xml file can have only one type of authentication associated with its login configuration, you cannot put endpoints that require different authentication in a single .war file. Instead, group endpoints into .war files based on the type of client authentication they require. Because the J2EE platform permits multiple .war files in a single .ear file, you can put these .war files into the application .ear file.
• Provide security policy descriptions in addition to those that the standard WSDL file provides. The WSDL file is required to publish only a Web service's HTTPS URL. It has no standard annotation describing whether the service endpoint requires basic or mutual authentication. Use the description elements of the deployment descriptor to make known the security requirements of your endpoints.
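The following deployment-descriptor fragments are an added illustration of the two preceding points; they are not taken from the book's sample application. One .war holds the endpoints that use basic authentication, a second .war holds the endpoints that use client certificates, and the application.xml assembles both into one .ear. The module names, context roots, servlet classes, URL patterns and role names are assumptions. The description elements state the requirement that the WSDL cannot express, and the CONFIDENTIAL transport guarantee on the basic-auth module keeps the (merely base64-encoded) credentials off plain HTTP. DOCTYPE declarations are omitted for brevity.

```xml
<!-- basic-endpoints.war : WEB-INF/web.xml  (module name is assumed) -->
<web-app>
  <description>
    Endpoints in this module require HTTP basic authentication over HTTPS.
  </description>
  <servlet>
    <servlet-name>OrderStatusEndpoint</servlet-name>
    <servlet-class>com.example.ws.OrderStatusEndpoint</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>OrderStatusEndpoint</servlet-name>
    <url-pattern>/orderstatus</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>BasicAuthEndpoints</web-resource-name>
      <description>All Web service endpoints in this module</description>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>customer</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- basic-auth credentials are only base64-encoded: require TLS -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <!-- one auth-method per web.xml, hence one per .war -->
    <auth-method>BASIC</auth-method>
    <realm-name>Customers</realm-name>
  </login-config>
  <security-role>
    <role-name>customer</role-name>
  </security-role>
</web-app>

<!-- certauth-endpoints.war : WEB-INF/web.xml  (module name is assumed) -->
<web-app>
  <description>
    Endpoints in this module require mutual (client-certificate) authentication.
  </description>
  <servlet>
    <servlet-name>PartnerOrderEndpoint</servlet-name>
    <servlet-class>com.example.ws.PartnerOrderEndpoint</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>PartnerOrderEndpoint</servlet-name>
    <url-pattern>/partnerorder</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>CertAuthEndpoints</web-resource-name>
      <description>Endpoints reachable only with a trusted client certificate</description>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>partner</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>CLIENT-CERT</auth-method>
  </login-config>
  <security-role>
    <role-name>partner</role-name>
  </security-role>
</web-app>

<!-- ordering.ear : META-INF/application.xml  (names are assumed) -->
<application>
  <display-name>OrderingApp</display-name>
  <description>Two Web modules, split by the client authentication they require</description>
  <module>
    <web>
      <web-uri>basic-endpoints.war</web-uri>
      <context-root>basic</context-root>
    </web>
  </module>
  <module>
    <web>
      <web-uri>certauth-endpoints.war</web-uri>
      <context-root>certauth</context-root>
    </web>
  </module>
</application>
```

A useful deployment check is to confirm that each .war contains exactly one login-config element and that every security-constraint in a BASIC module carries the CONFIDENTIAL guarantee; an endpoint added later to the wrong module silently inherits that module's authentication method.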
• Be careful with the username and password information, because these properties can create a vulnerability when configuring a client component to use HTTP basic authentication. Username and password are sensitive security data, and the security of your system is compromised if they become known to the wrong party. For example, do not store username and password values in the application code or the deployment descriptor, and if deployment descriptors do include a username and password, be sure to store the deployment descriptors in a secure manner.
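As an added example (not from the book), the first fragment below shows the weak form the guideline warns against: a username and password written into env-entry elements of a deployment descriptor, where anyone who can read the archive, a backup or the source repository obtains them. The second fragment shows the standard J2EE alternative of declaring only a resource reference with container-managed sign-on, so that the credentials live in the application server's own resource configuration rather than in the archive. The reference names and the DataSource type are assumptions used to show the pattern; whether a given container can supply sign-on credentials to a Web service client in the same way is vendor-specific.

```xml
<!-- WEAK (do not ship): credentials baked into web.xml or ejb-jar.xml.
     The password value is a placeholder, not a real secret. -->
<env-entry>
  <description>Account used to call the partner service</description>
  <env-entry-name>partner/username</env-entry-name>
  <env-entry-type>java.lang.String</env-entry-type>
  <env-entry-value>svc_orders</env-entry-value>
</env-entry>
<env-entry>
  <env-entry-name>partner/password</env-entry-name>
  <env-entry-type>java.lang.String</env-entry-type>
  <env-entry-value>PLACEHOLDER-SECRET</env-entry-value>
</env-entry>

<!-- BETTER: the descriptor declares only a reference. With res-auth set to
     Container, the container performs the sign-on using credentials that the
     deployer configures on the server, so neither code nor descriptor holds them. -->
<resource-ref>
  <description>Partner database; credentials supplied by the container</description>
  <res-ref-name>jdbc/PartnerDB</res-ref-name>
  <res-type>javax.sql.DataSource</res-type>
  <res-auth>Container</res-auth>
</resource-ref>
```

When reviewing an archive before deployment, searching its descriptors for env-entry values named like credentials, and for res-auth set to Application (where the code itself passes a username and password), finds most cases where this guideline has been missed.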
• Consider using a guarding component between the interaction and processing layers. Set up an application accessor component with security attributes and place it in front of a set of components that require protection. Then, allow access to that set of components only through the guarding or front component.
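One declarative way to build the guard just described, given as an added example rather than the book's own code, is an ejb-jar.xml in which a front-end session bean is the only bean clients may call, and the guarded beans accept calls only from an internal role that the front bean assumes through run-as. The bean and role names are assumptions. The guarded bean exposes only local interfaces, so no remote client can reach it at all, and every one of its methods is listed under a method-permission, since the treatment of methods omitted from all permissions is left to the deployer.

```xml
<!-- ejb-jar.xml (EJB 2.0 style; names are assumed) -->
<ejb-jar>
  <enterprise-beans>
    <!-- the guarding component: the only bean clients are permitted to call -->
    <session>
      <ejb-name>OrderAccessor</ejb-name>
      <home>com.example.order.OrderAccessorHome</home>
      <remote>com.example.order.OrderAccessor</remote>
      <ejb-class>com.example.order.OrderAccessorBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
      <ejb-local-ref>
        <ejb-ref-name>ejb/OrderProcessor</ejb-ref-name>
        <ejb-ref-type>Session</ejb-ref-type>
        <local-home>com.example.order.OrderProcessorLocalHome</local-home>
        <local>com.example.order.OrderProcessorLocal</local>
        <ejb-link>OrderProcessor</ejb-link>
      </ejb-local-ref>
      <security-identity>
        <!-- calls into the guarded beans run under the internal role,
             which no external caller is mapped to -->
        <run-as>
          <role-name>internal</role-name>
        </run-as>
      </security-identity>
    </session>

    <!-- a guarded component: local interfaces only, no remote view -->
    <session>
      <ejb-name>OrderProcessor</ejb-name>
      <local-home>com.example.order.OrderProcessorLocalHome</local-home>
      <local>com.example.order.OrderProcessorLocal</local>
      <ejb-class>com.example.order.OrderProcessorBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
    </session>
  </enterprise-beans>

  <assembly-descriptor>
    <security-role>
      <description>Authenticated end users of the application</description>
      <role-name>customer</role-name>
    </security-role>
    <security-role>
      <description>Used only by the guarding component via run-as</description>
      <role-name>internal</role-name>
    </security-role>

    <!-- customers may call every method of the front component ... -->
    <method-permission>
      <role-name>customer</role-name>
      <method>
        <ejb-name>OrderAccessor</ejb-name>
        <method-name>*</method-name>
      </method>
    </method-permission>

    <!-- ... but only the internal role reaches the guarded component -->
    <method-permission>
      <role-name>internal</role-name>
      <method>
        <ejb-name>OrderProcessor</ejb-name>
        <method-name>*</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
```

The deployer must take care that the internal role is mapped to no real user or group in the container's role mapping; if it is, the guard can be bypassed by anyone in that group, so that mapping is the item to verify at deployment time.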