GlassFish Security.
Title:
GlassFish Security.
Author:
Kalali, Masoud.
ISBN:
9781847199393
Edition:
1st ed.
Physical Description:
1 online resource (315 pages)
Contents:
GlassFish Security -- Table of Contents -- GlassFish Security -- Credits -- About the Author -- About the Reviewers -- Preface -- What this book covers -- Conventions -- Reader feedback -- Customer support -- Errata -- Piracy -- Questions -- 1. Java EE Security Model -- Overview of Java EE architecture -- Understanding a typical Java EE application -- Accessing protected resource inside a Web module -- Deployment descriptors -- Understanding Java EE security terms -- Defining constraints on resources -- Authenticating and authorizing users -- Adding authentication to a Web application -- Authorizing using deployment descriptor -- Managing session information -- Adding transport security -- Using programmatic security in web applications -- Using security annotations -- Understanding the EJB modules -- Securing EJB modules using annotations -- Mapping roles to principals and groups -- Accessing the security context programmatically -- Using EJB interceptors for auditing and security purposes -- Enforcing authentication in EJB modules -- Understanding the application client module -- Declaring security roles in Application level -- Summary -- 2. GlassFish Security Realms -- Security realms -- Authenticating using security realms -- Reusing security assets -- GlassFish security realms -- Administrating security realms -- Creating a file realm -- Creating the JDBC realm -- Using the LDAP realm to secure web applications -- Downloading and installing OpenDS 2.2 -- Creating the LDAP realm -- Configuring the GlassFish LDAP realm for Microsoft Active Directory -- Creating the certificate realm -- Public key cryptography -- Digital signature -- Key stores and trust stores -- Managing certificates -- Listing the content of keystore.jks and cacert.jks -- Obtaining and installing a valid certificate -- Creating the Solaris realm -- Developing custom realms.

Developing the custom realm -- Implementing a JAAS LoginModule -- Implementing a realm class -- Installing and configuring -- Adding a custom authentication method to GlassFish -- Summary -- 3. Designing and Developing Secure Java EE Applications -- Understanding the sample application -- Analyzing sample application business logic -- Implementing the Business and Persistence layers -- Implementing the Persistence layer -- Developing the Presentation layer -- Implementing the Conversion GUI -- Implementing the Converter servlet -- Implementing the authentication frontend -- Implementing a login page -- Implementing a logout page -- Implementing a login error page -- Implementing an access restricted page -- Configuring deployment descriptors -- Specifying the security realm -- Deploying the application client module in the Application Client Container -- Configuring Application Client Container security -- Summary -- 4. Securing GlassFish Environment -- Securing a host operating system -- Defining security at the OS level -- Creating the installation directory -- Creating the GlassFish user -- Logging in as a GlassFish user -- Restricting access to the filesystem -- Restricting access to network interfaces -- Restricting access to ports -- Enforcing storage usage limitation -- Implementing restrictions in the application server level -- Securing the Java Runtime environment from unprivileged access -- Implementing the policy manager -- Securing the GlassFish using security manager -- Defining security policy in platform policy file -- Introducing the GlassFish policy file -- Applying policies on deployed applications separately -- Alternative container policy providers -- Estimating security risks: Auditing -- Enabling the default auditing module -- Developing custom auditing modules -- Summary -- 5. Securing GlassFish -- Administrating GlassFish.

Using CLI for administration tasks -- Implementing security in CLI -- The asadmin and administration credentials -- Protecting GlassFish domain using master password -- Changing passwords -- Protecting passwords with encryption -- Securing the CLI communication channel -- Securing different network listeners -- Securing HTTP listeners -- Securing ORB listeners -- Securing JMX listeners -- Hosting multiple domains using one IP -- Sharing security context between different applications using SSO -- Enabling SSO in virtual server -- Summary -- 6. Introducing OpenDS: Open Source Directory Service -- Storing hierarchical information: Directory services -- Connecting directory services to software systems -- Introducing OpenDS -- Understanding OpenDS backend and services -- Installing and administrating OpenDS -- Installing OpenDS and DSML gateway -- Understanding the system requirements -- Downloading and installing OpenDS server -- Studying the OpenDS directory structure -- Installing and configuring the DSML gateway -- Testing the DSML Gateway -- Administrating and managing OpenDS -- Importing and exporting data -- Importing LDIF files -- Exporting database content into LDIF file -- Backing up and restoring data -- Creating a backup of OpenDS data -- Restoring server state using backups -- Enabling JMX Connection Handler -- Embedding OpenDS -- Benefits of embedded mode capability of OpenDS -- Preparing the environment -- Replicating Directory Information Tree (DIT) -- OpenDS replication mechanism -- Setting up an Asynchronous replication infrastructure -- Summary -- 7. OpenSSO, the Single sign-on Solution -- What is SSO -- What is OpenSSO -- OpenSSO functionalities -- Controlling user access -- Federation Management -- Identity Web Services -- OpenSSO architecture -- OpenSSO realms -- Installing OpenSSO in GlassFish.

Configuring OpenSSO for authentication and authorization -- Authentication chaining -- Realm Authentication -- User Authentication -- Securing our applications using OpenSSO -- Authenticating users by the RESTful interface -- Authorizing using REST -- SSO using REST -- Summary -- 8. Securing Java EE Applications using OpenSSO -- Understanding Policy Agents -- Specifying access privileges by defining policies -- Protecting diverse types of containers using Policy Agents -- Working of OpenSSO agents -- Protecting different types of resources -- Exploring outstanding features of Policy Agents -- Managing Centralized Agent Configuration -- Managing agents in groups -- Applying agents configuration on-the-fly -- Having more control over the installation process -- Installing J2EE Agent 3.0 for GlassFish -- Placing the sample application under OpenSSO protection -- Changing sample application descriptor files -- Configuring the agent to protect the sample application -- Defining access rules -- Summary -- 9. Securing Web Services by OpenSSO -- Java EE and Web Services security -- Securing Web Services in a Web module -- Web Services security in EJB modules -- EJB-based Web Services authentication in GlassFish -- Understanding Web Services security -- Understanding SOAP message structure -- Developing secure Web Services -- Downloading and installing Web Services security agents -- Creating a Web Service Client profile -- Creating a Web Service Provider profile -- Securing the Echo Web Service -- Developing an Echo Service Consumer -- Authenticating a service call using WSP -- Configuring WSP for enforcing authentication -- Configuring WSC to support authentication -- Summary -- Index.
Abstract:
Secure your GlassFish installation, Web applications, EJB applications, Application Client modules, and Web services.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.