I wrote a little web application based on Apache, JSP and JBoss.
I'd like to secure my application in some way.
My question is: is it necessary for me to define security policies
for my code using the Java security model (Security Manager,
AccessControl)?
> I wrote a little web application based on Apache, JSP and JBoss.
> I'd like to secure my application in some way.
> My question is: is it necessary for me to define security policies
> for my code using the Java security model (Security Manager,
> AccessControl)?
No. Web-apps can be secured by configuring the web.xml-file. You can
define how to deal with authentication (who am i) and authorization
(what am I allowed to do) solely by configuring your web-app with a
proper web.xml.
How to do that can be found here:
http://java.sun.com/blueprints/guidelines/designing_enterprise_applications_2e/DEA2eTOC.html
See chapters 9.2 and 9.3 for sample web.xml-snippets.
Wolfram Rittmeyer
http://www.jsptutorial.org
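
A declarative-security descriptor of the kind the answer above describes, added here as an illustration (it is not from the original post or the linked guide). The URL patterns, the role name "admin", the realm name and the JSP paths are assumed placeholders; mapping users to roles is done in the container's own configuration, not in web.xml.

```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC
    "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
  <!-- Authorization: only callers in role "admin" may reach /admin/*. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin pages (assumed name)</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <!-- No http-method elements: the constraint then covers every
           method. Listing only GET and POST would leave the other
           methods unconstrained. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
    <!-- Require a protected transport so credentials and session
         cookies are not sent in clear text. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- An empty auth-constraint denies everyone: useful for fragments
       that are only included by other pages (assumed path). -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Include-only fragments</web-resource-name>
      <url-pattern>/fragments/*</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>

  <!-- Authentication: form login. The login and error pages sit
       outside the protected patterns so they stay reachable. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>ExampleRealm</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Every role used in an auth-constraint is declared here. -->
  <security-role>
    <role-name>admin</role-name>
  </security-role>
</web-app>
```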
Moro - 27 Aug 2003 15:27 GMT
> > I wrote a little web application based on Apache, JSP and JBoss.
> > I'd like to secure my application in some way.
[quoted text clipped - 14 lines]
> Wolfram Rittmeyer
> http://www.jsptutorial.org
Thank you for the info. So, whom is the standard Java security model
intended for? Who needs to use that model? If I write some code and
run it locally it is certainly secure!
Marco Manini - 27 Aug 2003 20:13 GMT
> Thank you for the info. So, whom is the standard Java security model
> intended for? Who needs to use that model? If I write some code and
> run it locally it is certainly secure!
Hi,
Usually you write some code and someone else uses it. The user of your
code sets up the security policy...
Marco