
Security Concepts



TYPES OF SECURITY

Declarative Security - Declarative security specifies an application's security requirements by using either deployment descriptors or annotations.
e.g


Programmatic Security - Programmatic security implements an application's security within the application code.
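The two styles side by side, as an added example that is not part of the original post: the same access rule ("only callers in the admin role, over TLS") written once with Servlet 3.0 annotations, which the container enforces before the servlet runs, and once in code, where the servlet asks the container about the caller and decides itself. It assumes the javax.servlet API of Java EE 7/8 on the classpath; the servlet names, URL patterns and the "admin" role are hypothetical.

```java
// Added example, not code from the original post. Assumes javax.servlet (Java EE 7/8).
// Servlet names, URL patterns and the "admin" role are hypothetical.
import java.io.IOException;

import javax.annotation.security.DeclareRoles;
import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Declarative security: the container enforces the constraint before doGet() is
// reached. Unauthenticated callers get the realm's login challenge, authenticated
// callers without the role get 403, and plain HTTP is redirected to HTTPS.
@DeclareRoles("admin")
@WebServlet("/admin/report")
@ServletSecurity(@HttpConstraint(
        rolesAllowed = "admin",
        transportGuarantee = ServletSecurity.TransportGuarantee.CONFIDENTIAL))
public class DeclarativeReportServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        resp.setContentType("text/plain");
        resp.getWriter().println("admin report for " + req.getUserPrincipal().getName());
    }
}

// Programmatic security: the servlet makes the decision itself, using the
// container's view of the caller. This is the route when the rule depends on
// request data a deployment descriptor cannot express.
@WebServlet("/admin/export")
class ProgrammaticExportServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Nobody logged in yet: ask the container to run the configured login
        // mechanism. If it returns false it has already sent the challenge.
        if (req.getUserPrincipal() == null && !req.authenticate(resp)) {
            return;
        }
        // Fail closed: deny unless the caller holds the required role.
        if (!req.isUserInRole("admin")) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("export generated by " + req.getUserPrincipal().getName());
    }
}
```

Both servlets rely on the same container facilities (the realm for authentication, the group-to-role mapping for `isUserInRole`); the difference is only where the rule lives. Declarative rules are easier to audit because they are visible in one place, while programmatic checks must be reviewed in every code path that serves the resource.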

KEY CHARACTERISTICS

Following are the key characteristics of application security.

Authentication - Authentication is the means by which a user or client proves to a server that it is authorized to access a specific resource, and vice versa.
Authorization - Authorization is the means by which a server determines whether a user has permission to access a specific resource or data.
Data Integrity - Data integrity means that the data exchanged between a client and a server is not modified by an unauthorized third party.
Confidentiality or Data privacy - This ensures that information is sent only to those users or clients that are authorized to access the data.
Non-repudiation - This means that you can prove that a transaction or action has occurred, so a user who has performed a certain action cannot deny having done so.

SECURITY MECHANISM

Application-Layer Security - In Java EE applications, application-layer security is provided by the component containers.
Transport-Layer Security - Transport-layer security is provided by the transport mechanism used to transmit data between the client and the server. Java EE applications rely on the secure HTTPS protocol using Secure Sockets Layer (SSL).
Message-Layer Security - Message-layer security secures the SOAP messages that are exchanged between client and server using XML web services.


Realms, Users, Groups and Roles

Realms [a field or domain of activity or interest.] - Realms are security domains or protection spaces set up for web or application servers. Each realm has its own authentication scheme and contains a collection of Users and Groups.

Users - Users are individual or application entities defined in an identity store that access the application resources.

Group - Groups are abstract entities defined in Java EE that contain a set of users having common traits.

Roles - Roles are abstract entities defined in Java EE that have permission to access a set of secured resources in an application. Users or Groups are mapped to Roles.


AUTHENTICATION MECHANISM

1. BASIC AUTHENTICATION
2. FORM-BASED AUTHENTICATION
3. DIGEST AUTHENTICATION
4. CLIENT-CERT
5. KERBEROS
6. OAUTH 2
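How a realm, its users and groups, the group-to-role mapping and the first mechanism in the list (Basic authentication) fit together, as an added example that is not part of the original post and does not use a container. It models in plain Java SE what the server does on every request: decode the Basic credentials, authenticate them against the realm, translate the user's groups into application roles, and authorize against the role the resource requires. The realm contents, group and role names, and the GROUP_TO_ROLE mapping are constructed for the example; a real realm would use a salted, slow password hash rather than the bare SHA-256 used here as a stand-in. Requires Java 11 or later.

```java
// Added example, not code from the original post. Plain Java SE 11+, no container.
// Users, passwords, groups, roles and the group-to-role mapping are constructed here.
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

public class RealmDemo {

    /** Realm: an identity store with its own authentication scheme (here: password). */
    static final class Realm {
        private final Map<String, byte[]> passwordHashes = new HashMap<>();
        private final Map<String, Set<String>> groupsOf = new HashMap<>();

        void addUser(String user, String password, Set<String> groups) {
            passwordHashes.put(user, sha256(password)); // stand-in for a real password hash
            groupsOf.put(user, groups);
        }

        /** Returns the user's groups if the credentials match, otherwise empty. */
        Optional<Set<String>> authenticate(String user, String password) {
            byte[] expected = passwordHashes.get(user);
            if (expected == null) return Optional.empty();
            // Constant-time comparison so a wrong guess does not leak how many bytes matched.
            if (!MessageDigest.isEqual(expected, sha256(password))) return Optional.empty();
            return Optional.of(groupsOf.get(user));
        }
    }

    /** Deployment-side mapping from realm groups to the application's roles. */
    static final Map<String, String> GROUP_TO_ROLE = Map.of(
            "admins", "admin",
            "staff", "employee");

    /** Authorization: does any of the caller's groups map to the required role? */
    static boolean isAuthorized(Set<String> groups, String requiredRole) {
        return groups.stream()
                .map(GROUP_TO_ROLE::get)
                .anyMatch(requiredRole::equals);
    }

    /** Parses an "Authorization: Basic base64(user:password)" value; empty if malformed. */
    static Optional<String[]> parseBasic(String authorizationHeader) {
        if (authorizationHeader == null || !authorizationHeader.startsWith("Basic ")) {
            return Optional.empty();
        }
        String decoded;
        try {
            byte[] raw = Base64.getDecoder().decode(authorizationHeader.substring(6).trim());
            decoded = new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return Optional.empty(); // not valid Base64
        }
        int colon = decoded.indexOf(':'); // user names cannot contain ':'; passwords can
        if (colon < 0) return Optional.empty();
        return Optional.of(new String[] {decoded.substring(0, colon), decoded.substring(colon + 1)});
    }

    /** One request's outcome: challenge, deny, or serve. */
    static String decide(Realm realm, String header, String requiredRole) {
        Optional<String[]> creds = parseBasic(header);
        if (creds.isEmpty()) return "401 Unauthorized (no usable credentials)";
        Optional<Set<String>> groups = realm.authenticate(creds.get()[0], creds.get()[1]);
        if (groups.isEmpty()) return "401 Unauthorized (authentication failed)";
        return isAuthorized(groups.get(), requiredRole) ? "200 OK" : "403 Forbidden";
    }

    private static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    private static String basic(String userColonPassword) {
        return "Basic " + Base64.getEncoder()
                .encodeToString(userColonPassword.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Realm realm = new Realm();
        realm.addUser("alice", "s3cret", Set.of("admins", "staff"));
        realm.addUser("bob", "hunter2", Set.of("staff"));

        // Constructed Authorization headers, as a client would send after a 401 challenge.
        String[] headers = {
            basic("alice:s3cret"),   // admins group -> admin role
            basic("bob:hunter2"),    // staff group only -> employee role
            basic("bob:wrong"),      // bad password
            "Bearer not-basic"       // different scheme, no Basic credentials
        };
        for (String h : headers) {
            System.out.println(h + " -> " + decide(realm, h, "admin"));
        }
    }
}
```

The split mirrors the Java EE model: the realm knows users and groups but nothing about the application, the application declares roles but nothing about users, and the group-to-role mapping (in a container-specific descriptor on a real server) joins the two at deployment time. Note that Basic sends the password Base64-encoded, not encrypted, which is why the list above should be read together with the transport-layer security section.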


