Wednesday, December 6, 2017

Security Concepts



TYPES OF SECURITY

Declarative Security - Declarative security specifies an application's security requirements by using either deployment descriptors or annotations.
e.g


Programmatic Security - Programmatic security implements an application's security within the application code.
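Both styles side by side in one servlet, as an added example that is not from the original post: the @ServletSecurity annotation is the declarative part (the container enforces it before the servlet code runs), while the isUserInRole check inside doGet is the programmatic part. The URL pattern, the servlet class and the role names "employee" and "manager" are assumptions made for this example.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.HttpMethodConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Declarative security (annotation form): the container enforces these rules
// before doGet()/doPost() is ever called. The same rules could be written as a
// <security-constraint> element in web.xml. The URL pattern and the role names
// "employee" and "manager" are assumptions for this example.
@WebServlet("/payroll/*")
@ServletSecurity(
    value = @HttpConstraint(
        rolesAllowed = {"employee", "manager"},
        // Transport-layer requirement: the container must only serve this over HTTPS.
        transportGuarantee = ServletSecurity.TransportGuarantee.CONFIDENTIAL),
    httpMethodConstraints = {
        // Only managers may change payroll data; other methods keep the rule above.
        @HttpMethodConstraint(value = "POST", rolesAllowed = "manager")
    })
public class PayrollServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Programmatic security: a rule the declarative layer cannot express,
        // "an employee may read only their own record; a manager may read any".
        String caller = req.getUserPrincipal().getName(); // never null here: the
                                                          // container already authenticated
        String requested = req.getPathInfo();             // e.g. "/alice", or null for /payroll
        if (requested == null) {
            requested = "/" + caller;                     // default to the caller's own record
        }
        if (!req.isUserInRole("manager") && !requested.equals("/" + caller)) {
            // Authenticated, but not authorized for this particular resource.
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("Payroll record for " + requested.substring(1));
    }
}
```

An unauthenticated request never reaches doGet at all; the container challenges it first using whichever authentication mechanism (BASIC, FORM, CLIENT-CERT, ...) the deployment descriptor selects.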

KEY CHARACTERISTICS

Following are the key characteristics of application security.

Authentication - Authentication is the means by which a user or client proves its identity to a server (and, in mutual authentication, the server proves its identity to the client) so that access to a specific resource can then be decided.
Authorization - Authorization is the means by which a server determines if a user has permissions to access a specific resource or data.
Data Integrity - Data integrity means that the data that is exchanged by a client and server is not modified by an unauthorized third party.
Confidentiality or Data privacy - This ensures that information is sent only to those users or clients that are authorized to access the data.
Non-repudiation - This means that you can prove that a transaction or action has occurred, so a user who has performed a certain action cannot deny doing so.

SECURITY MECHANISMS

Application-Layer Security - In Java EE applications, the application-layer security is provided by the component containers.
Transport-Layer Security - Transport-layer security is provided by the transport mechanism used to transmit data between the client and server. Java EE applications rely on the HTTPS protocol, that is, HTTP over Secure Sockets Layer (SSL) or its successor TLS.
Message-Layer Security - Message-layer security secures the SOAP messages that are exchanged between client and server using XML web services, independently of the transport that carries them.


Realms, Users, Groups and Roles

Realms [a field or domain of activity or interest] - Realms are security domains or protection spaces set up for web or application servers. Each realm has its own authentication scheme and contains a collection of Users and Groups.

Users - Users are individual or application entities defined in an identity store that access the application resources.

Groups - Groups are abstract entities defined in Java EE that contain a set of users having common traits.

Roles - Roles are abstract entities defined in Java EE that have permissions to access a set of secured resources in an application. Users or Groups are mapped to Roles.


AUTHENTICATION MECHANISMS

1. BASIC AUTHENTICATION
2. FORM-BASED AUTHENTICATION
3. DIGEST AUTHENTICATION
4. CLIENT-CERT
5. KERBEROS
6. OAUTH 2


