The Java Security API makes it a simple matter to add security and authentication to your application. The result is an application that knows what and whom it can trust. This month, Todd delves into the Java Security API and demonstrates how to generate message digests, keys, and digital signatures. (2,000 words)
Security is important for any kind of distributed computing environment. For Web services environments, security is becoming even more important due to Web services' unique characteristics. In this article, Sang Shin discusses these characteristics and explains why Web services need a different set of security schemes. He then examines the various Web services security schemes being designed and implemented by the industry. These new schemes are expected to accelerate the adoption of Web services, especially in the business community, where security is always a top priority. (3,800 words; March 18, 2003)
4. Mix protocols transparently in Web applications
To maintain the security of sensitive data as it travels over the Internet to or from the browser, Web applications often rely on Secure Sockets Layer (SSL). The secure Webpages and processes that transmit sensitive data utilize HTTP over SSL (HTTPS) rather than the usual HTTP. Integrating SSL into a Web application should prove seamless and simple to implement as well as maintain. In this article, Steve Ditlinger explores typical SSL implementations. He develops an SSL solution using the J2EE (Java 2 Platform, Enterprise Edition) servlet redirect mechanism to protect sensitive data transmission. He also develops an overall solution combining JavaServer Pages (JSP) custom tags and an application-specific servlet base class. In addition, he demonstrates this solution's implementation within an application using the Struts framework and proposes an enhancement to Struts for better integration. (3,200 words; February 15, 2002)
5. Signed and delivered: An introduction to security and authentication
Whether information arrives as applet or agent, e-mail or e-check, you can ultimately believe its claims, assess its value, or trust its promises only to the extent that you can trust every hand that it passed through. This is the basis of one of the biggest dichotomies of the information age: The technology that makes it easy to copy and distribute digital information also makes it easy to modify or create cunning digital forgeries of that same information. This month, Todd introduces the topics of security and authentication, and explains how the Java Security API can help us create secure and trustworthy code. (1,850 words)
In Parts 1 through 4 of this series on Java security, Raghavan N. Srinivas discussed network and Java security concepts; Part 3 took a detailed look at applet security and optional packages. In this article, Raghavan introduces J2SE (Java 2 Platform, Standard Edition) 1.4's new security packages for certificate chain manipulation, along with Generic Security Services, which includes a single sign-on framework over the network. (3,200 words; December 21, 2001)
In Parts 1 through 3 of this series, Raghavan Srinivas discussed network and Java security concepts, including a detailed look at applet security. In this article, the fourth and last in the series, he details the optional, yet important, packages that enhance Java security. Bonus: A working applet to demonstrate this article's concepts. (4,500 words)
8. Yes, you can secure your Web services documents, Part 1
Nowadays, you can't go anywhere without hearing something about Web services. At the moment, one of the most news-generating aspects of Web services, security, also happens to be one of the most crucial subjects as well. In this article, Ray Djajadinata discusses XML Encryption, an important technology in the Web services security realm. He explains what it is, why savvy Java programmers should understand it, and how to implement the technology using one of the few implementations currently available, IBM XML Security Suite. You should also check out the sidebar below, "Give Your Serializable Class a serialVersionUID," for information on an installation quirk. (2,100 words; August 23, 2002)
9. Yes, you can secure your Web services documents, Part 2
In the first installment of this two-part series, Ray Djajadinata discussed the foundation of confidentiality for WS-Security (Web Services Security): XML Encryption. In this second installment, he introduces XML Digital Signature, a standard that handles a document's integrity. He explains the standard, what you should know about it, and shows how to write XML Signature code using an implementation currently available: IBM XML Security Suite. (3,000 words; October 11, 2002)