Introduction to Security in Java EE
This and subsequent chapters discuss how to address security requirements in Java EE, web, and web services applications. Every enterprise that has sensitive resources that can be accessed by many users, or resources that traverse unprotected, open, networks, such as the Internet, need to be protected.
This chapter introduces basic security concepts and security implementation mechanisms. More information on these concepts and mechanisms can be found in the Security chapter of the Java EE 5 specification. This document is available for download online at the following URL:
Other chapters in this tutorial that address security requirements include the following:
- Chapter 29, "Securing Java EE Applications", discusses adding security to Java EE components such as enterprise beans and application clients.
- Chapter 30, "Securing Web Applications", discusses and provides examples for adding security to web components such as servlets and JSP pages.
- Chapter 31, "Securing Web Services", discusses and provides examples for adding security to web services components at the transport layer, the message layer, and the application layer.
Some of the material in this chapter assumes that you understand basic security concepts. To learn more about these concepts, we recommend that you explore the Java SE security web site before you begin this chapter. The URL for this site is:
This tutorial assumes deployment onto the Sun Java System Application Server (hereafter, Application Server) and provides some information regarding configuration of the Application Server. The best source for information regarding configuration of the Application Server, however, is the Application Server Administration Guide. The best source for development tips specific to the Application Server is the Application Server Developer's Guide. The best source for tips on deploying applications to the Application Server is the Application Server Deployment Planning Guide.
All of the material in The Java™ EE 5 Tutorial is copyright-protected and may not be published in other works without express written permission from Sun Microsystems.