This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Java server (J2EE) code review"
From OWASP
(→J2EE Authentication Technologies) |
(→J2EE Authentication Technologies) |
||
| Line 1: | Line 1: | ||
==Introduction== | ==Introduction== | ||
| − | == | + | ==Java EE Authentication Technologies== |
| − | The | + | The Java EE framework contains a number of options from an authentication standpoint, such as, |
| + | |||
| + | * Java Authentication and Authorization Service (JAAS) | ||
| + | * Java Secure Socket Extensions (JSSE.) | ||
| + | ** Authentication and key exchange (RSA & DSA), SSL Authentication | ||
| + | * Java 2 Security Model | ||
| + | |||
| + | |||
| + | ===Servlet Authentication=== | ||
| + | The Java API javax.servlet.HttpServlet contains a number of methods to receive HTTP requests. One fundimental practice in application security is not to hue HTTP GET during the authentication sequence (This is because sensitive credentials may be logged inadvertantly on the web server). HttpServlet harbours methods such as doPost(), doPut(), doDelete(), doGet() to name a few. These methods can be used to process incomming HTTP requests. | ||
==J2EE Authorisation Technologies== | ==J2EE Authorisation Technologies== | ||
Revision as of 10:47, 15 March 2007
Introduction
Java EE Authentication Technologies
The Java EE framework contains a number of options from an authentication standpoint, such as,
- Java Authentication and Authorization Service (JAAS)
- Java Secure Socket Extensions (JSSE.)
- Authentication and key exchange (RSA & DSA), SSL Authentication
- Java 2 Security Model
Servlet Authentication
The Java API javax.servlet.HttpServlet contains a number of methods to receive HTTP requests. One fundimental practice in application security is not to hue HTTP GET during the authentication sequence (This is because sensitive credentials may be logged inadvertantly on the web server). HttpServlet harbours methods such as doPost(), doPut(), doDelete(), doGet() to name a few. These methods can be used to process incomming HTTP requests.
