
Java Answers

  Question Asked By: Carolina Lopez   on Sep 30 In Java Category.

  
Question Answered By: Aamanee Khan   on Sep 30

JAAS is for authentication and authorization. If user credentials are shared among pages, you need to consider single sign-on to share security credentials across multiple login modules.
HttpSession is used for sessions created between web users and web servers.
Talking ONLY about web-tier security: you need a strategy to provide privacy and protection for data from eavesdropping. The exchanged data can be protected by SSL/TLS, JCE or other cryptographic techniques (not going into much detail). SSL provides HTTP data security between the web client and the server; it is connection-oriented and an end-to-end connection.
Once data gets to the server, you need to validate, authenticate and perform authorization. You have several options, of which JAAS is one and the most recommended, as it matches the J2EE security model.
Please note that this was briefly talking about web tier to web user only. You might have security credentials shared among web components within the web tier and other tiers on distributed/clustered servers, which requires other considerations.
Your answer is: to provide a secure end-to-end architecture, neither is enough. You need both.
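
A sketch of how the three pieces from the answer above (SSL/TLS for transport, JAAS for authentication, HttpSession for session state) meet in one login servlet. This is an added example, not part of the original answer. It assumes the `javax.servlet` API of a J2EE container; the JAAS configuration entry `WebApp`, the form field names and the session attribute name are hypothetical.

```java
import java.io.IOException;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.servlet.http.*;

public class LoginServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // Transport: refuse credentials that did not arrive over SSL/TLS.
        if (!req.isSecure()) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            return;
        }
        final String user = req.getParameter("username");   // hypothetical form field
        final String pass = req.getParameter("password");   // hypothetical form field
        if (user == null || pass == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // Hands the submitted credentials to whichever LoginModules are configured.
        CallbackHandler handler = new CallbackHandler() {
            public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                    else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(pass.toCharArray());
                    else throw new UnsupportedCallbackException(cb);
                }
            }
        };
        try {
            // Authentication: "WebApp" is a hypothetical entry in the JAAS login configuration.
            LoginContext lc = new LoginContext("WebApp", handler);
            lc.login();
            Subject subject = lc.getSubject();
            // Session: drop any pre-login session, then bind the Subject to a fresh one.
            HttpSession old = req.getSession(false);
            if (old != null) old.invalidate();
            req.getSession(true).setAttribute("jaas.subject", subject); // hypothetical attribute name
            resp.sendRedirect(req.getContextPath() + "/");
        } catch (LoginException e) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED); // no detail about why login failed
        }
    }
}
```

Invalidating the pre-login session before storing the Subject keeps an identifier issued before authentication from carrying over into the authenticated session.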
