Java server (J2EE) code review - Revision history

Slib: fixed typos

2008-04-24T14:45:01Z

fixed typos

EoinKeary: /* Servlet Authentication */

2007-03-15T12:16:01Z

‎Servlet Authentication

EoinKeary: /* Servlet Authentication */

2007-03-15T11:29:29Z

‎Servlet Authentication

EoinKeary: /* Servlet Authentication */

2007-03-15T11:22:46Z

‎Servlet Authentication

EoinKeary: /* J2EE Authentication Technologies */

2007-03-15T10:47:28Z

‎J2EE Authentication Technologies

EoinKeary: /* J2EE Authentication Technologies */

2007-03-15T10:23:34Z

‎J2EE Authentication Technologies

EoinKeary: /* JAAS */

2007-03-15T10:21:31Z

‎JAAS

EoinKeary at 11:29, 22 February 2007

2007-02-22T11:29:51Z

Jmanico at 21:20, 21 January 2007

2007-01-21T21:20:27Z

New page

test

@@ Line 11: / Line 11: @@
 ===Servlet Authentication===
-The Java API javax.servlet.HttpServlet contains a number of methods to receive HTTP requests. One fundimental practice in application security is not to hue HTTP GET during the authentication sequence (This is because sensitive credentials may be logged inadvertantly on the web server). HttpServlet harbours methods such as doPost(), doPut(), doDelete(), doGet() to name a few. These methods can be used to process incomming HTTP requests.
+The Java API javax.servlet.HttpServlet contains a number of methods to receive HTTP requests. One fundamental practice in application security is not to hue HTTP GET during the authentication sequence (This is because sensitive credentials may be logged inadvertently on the web server). HttpServlet harbours methods such as doPost(), doPut(), doDelete(), doGet() to name a few. These methods can be used to process incomming HTTP requests.
-During the course of Servlet processing, the HttpServlet.service() method is called before the "do" methods (doGet(), doPost(), etc.) therefore no significant processing should be placed in HttpServlet.service() prior to validating that the correct HTTP method was used to submit the transaction. Therefored is prudent to examine that the correct http method (doPost(), doGet() has been over-ridden as opposed to service() method.
+During the course of Servlet processing, the HttpServlet.service() method is called before the "do" methods (doGet(), doPost(), etc.) therefore no significant processing should be placed in HttpServlet.service() prior to validating that the correct HTTP method was used to submit the transaction. Therefore it is prudent to examine that the correct http method (doPost(), doGet() has been over-ridden as opposed to service() method.
-In the case of an authentication servlet is would be recommende to assure that the doGet() method has been overridden.
+In the case of an authentication servlet it would be recommended to assure that the doGet() method has been overridden.
-One solution to prevent HTTP GET requqests is to use the HTTPServletRequest.getMethod() to examine if the method is POST.
+One solution to prevent HTTP GET requests is to use the HTTPServletRequest.getMethod() to examine if the method is POST.
+{
@@ Line 28: / Line 28: @@
+}
-==J2EE Authorisation Technologies==
+==J2EE Authorization Technologies==
 ==J2EE Session Management==

@@ Line 17: / Line 17: @@
 In the case of an authentication servlet is would be recommende to assure that the doGet() method has been overridden.
-One solution to prevent HTTP GET requqests is to use the HTTPServletRequest.getMethod() to examine if the methods is POST.
+One solution to prevent HTTP GET requqests is to use the HTTPServletRequest.getMethod() to examine if the method is POST.
 ==J2EE Authorisation Technologies==

← Older revision		Revision as of 11:29, 15 March 2007
Line 14:		Line 14:

	During the course of Servlet processing, the HttpServlet.service() method is called before the "do" methods (doGet(), doPost(), etc.) therefore no significant processing should be placed in HttpServlet.service() prior to validating that the correct HTTP method was used to submit the transaction. Therefored is prudent to examine that the correct http method (doPost(), doGet() has been over-ridden as opposed to service() method.		During the course of Servlet processing, the HttpServlet.service() method is called before the "do" methods (doGet(), doPost(), etc.) therefore no significant processing should be placed in HttpServlet.service() prior to validating that the correct HTTP method was used to submit the transaction. Therefored is prudent to examine that the correct http method (doPost(), doGet() has been over-ridden as opposed to service() method.
		+
		+	In the case of an authentication servlet is would be recommende to assure that the doGet() method has been overridden.
		+
		+	One solution to prevent HTTP GET requqests is to use the HTTPServletRequest.getMethod() to examine if the methods is POST.

	==J2EE Authorisation Technologies==		==J2EE Authorisation Technologies==

@@ Line 12: / Line 12: @@
 ===Servlet Authentication===
 The Java API javax.servlet.HttpServlet contains a number of methods to receive HTTP requests. One fundimental practice in application security is not to hue HTTP GET during the authentication sequence (This is because sensitive credentials may be logged inadvertantly on the web server). HttpServlet harbours methods such as doPost(), doPut(), doDelete(), doGet() to name a few. These methods can be used to process incomming HTTP requests.
 ==J2EE Authorisation Technologies==

@@ Line 1: / Line 1: @@
 ==Introduction==
-==J2EE Authentication Technologies==
+==Java EE Authentication Technologies==
-The J2EE framework contains a number of options from an authentication standpoint, such as,
+The Java EE framework contains a number of options from an authentication standpoint, such as,
 ==J2EE Authorisation Technologies==

← Older revision		Revision as of 10:23, 15 March 2007
Line 2:		Line 2:

	==J2EE Authentication Technologies==		==J2EE Authentication Technologies==
		+	The J2EE framework contains a number of options from an authentication standpoint, such as,

	==J2EE Authorisation Technologies==		==J2EE Authorisation Technologies==

← Older revision		Revision as of 10:21, 15 March 2007
Line 1:		Line 1:
−	==~~JAAS~~==	+	==Introduction==
		+
		+	==J2EE Authentication Technologies==
		+
		+	==J2EE Authorisation Technologies==
		+
		+	==J2EE Session Management==
		+
		+	==J2EE Data Validation==
		+
		+	==J2EE Error Handling==
		+
		+	==Crypto in J2EE/Java==

← Older revision		Revision as of 11:29, 22 February 2007
Line 1:		Line 1:
−	~~test~~	+	==JAAS==