Rating: 0 out of 5 stars
0 ratings
Ebook255 pages1 hour
RESTful Java Web Services Security
By René Enríquez and Andrés Salazar C.
Rating: 0 out of 5 stars
()
About this ebook
A sequential and easy-to-follow guide which allows you to understand the concepts related to securing web apps/services quickly and efficiently, since each topic is explained and described with the help of an example and in a step-by-step manner, helping you to easily implement the examples in your own projects. This book is intended for web application developers who use RESTful web services to power their websites. Prior knowledge of RESTful is not mandatory, but would be advisable.
Related to RESTful Java Web Services Security
Related ebooks
Instant Redis Optimization How-to AWS Security Cookbook: Practical solutions for managing security policies, monitoring, auditing, and compliance with AWS Rating: 0 out of 5 stars0 ratingsMastering Hibernate Rating: 0 out of 5 stars0 ratingsInstant Java Password and Authentication Security Rating: 0 out of 5 stars0 ratingsImplementing Cloud Design Patterns for AWS Rating: 0 out of 5 stars0 ratingsMastering Java EE Development with WildFly Rating: 0 out of 5 stars0 ratingsSpring Boot Cookbook Rating: 0 out of 5 stars0 ratingsCuckoo Malware Analysis Rating: 0 out of 5 stars0 ratingsGetting Started with Hazelcast - Second Edition Rating: 0 out of 5 stars0 ratingsCloud Development and Deployment with CloudBees Rating: 0 out of 5 stars0 ratingsMicroservices with Azure Rating: 0 out of 5 stars0 ratingsBuilding a RESTful Web Service with Spring Rating: 5 out of 5 stars5/5Jasmine JavaScript Testing - Second Edition Rating: 0 out of 5 stars0 ratingsDeveloping Web Services with Java APIs for XML Using WSDP Rating: 0 out of 5 stars0 ratingsSoftware Architecture Complete Self-Assessment Guide Rating: 0 out of 5 stars0 ratingsOCA Java SE 7 Programmer I Certification Guide: Prepare for the 1Z0-803 exam Rating: 0 out of 5 stars0 ratingsAPI Security: A guide to building and securing APIs from the developer team at Okta Rating: 0 out of 5 stars0 ratingsWeb Application Firewall Assurance Rating: 0 out of 5 stars0 ratingsSOA Governance in Action: REST and WS-* Architectures Rating: 0 out of 5 stars0 ratingsSnort Intrusion Detection and Prevention Toolkit Rating: 5 out of 5 stars5/5Testing and Securing Android Studio Applications Rating: 0 out of 5 stars0 ratingsSpring Security 3.x Cookbook Rating: 0 out of 5 stars0 ratingsSoftware architecture A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsJUnit Recipes: Practical Methods for Programmer Testing Rating: 4 out of 5 stars4/5Your First Week With Node.js Rating: 0 out of 5 stars0 ratingshapi.js in Action Rating: 0 out of 5 stars0 ratingsCloud computing security Complete Self-Assessment Guide Rating: 0 out of 5 stars0 ratingsRestful Java Web Services Interview Questions You'll Most Likely Be Asked: Job Interview Questions Series Rating: 0 out of 5 stars0 ratingsLearning CoreOS Rating: 0 out of 5 stars0 ratingsASP.NET 4.0 in Practice Rating: 0 out of 5 stars0 ratings
Internet & Web For You
More Porn - Faster!: 50 Tips & Tools for Faster and More Efficient Porn Browsing Rating: 3 out of 5 stars3/5Beginner's Guide To Starting An Etsy Print-On-Demand Shop Rating: 0 out of 5 stars0 ratingsGrokking Algorithms: An illustrated guide for programmers and other curious people Rating: 4 out of 5 stars4/5The $1,000,000 Web Designer Guide: A Practical Guide for Wealth and Freedom as an Online Freelancer Rating: 5 out of 5 stars5/5Wireless Hacking 101 Rating: 4 out of 5 stars4/5Coding For Dummies Rating: 5 out of 5 stars5/5Introduction to Internet Scams and Fraud: Credit Card Theft, Work-At-Home Scams and Lottery Scams Rating: 4 out of 5 stars4/5The Logo Brainstorm Book: A Comprehensive Guide for Exploring Design Directions Rating: 4 out of 5 stars4/5Hacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5Cybersecurity For Dummies Rating: 4 out of 5 stars4/5Tor and the Dark Art of Anonymity Rating: 5 out of 5 stars5/5Coding All-in-One For Dummies Rating: 4 out of 5 stars4/5The Digital Marketing Handbook: A Step-By-Step Guide to Creating Websites That Sell Rating: 5 out of 5 stars5/5SEO For Dummies Rating: 4 out of 5 stars4/5How To Make Money Blogging: How I Replaced My Day-Job With My Blog and How You Can Start A Blog Today Rating: 4 out of 5 stars4/5Six Figure Blogging Blueprint Rating: 5 out of 5 stars5/5200+ Ways to Protect Your Privacy: Simple Ways to Prevent Hacks and Protect Your Privacy--On and Offline Rating: 0 out of 5 stars0 ratingsThe Beginner's Affiliate Marketing Blueprint Rating: 4 out of 5 stars4/5Social Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5The Internet Is Not What You Think It Is: A History, a Philosophy, a Warning Rating: 4 out of 5 stars4/5Podcasting For Dummies Rating: 4 out of 5 stars4/5How to Destroy Surveillance Capitalism Rating: 4 out of 5 stars4/5The Cyber Attack Survival Manual: Tools for Surviving Everything from Identity Theft to the Digital Apocalypse Rating: 0 out of 5 stars0 ratingsHow To Start A Podcast Rating: 4 out of 5 stars4/5
Related podcast episodes
EP 22: What is OAuth 2? 0% found this document usefulEP 09: Application Contexts, Dependency Injection, and Inversion of Control - OH MY! 0% found this document usefulWhy container security is important - Part 1: Wes Widner joins me to discuss container security. 0% found this document usefulEP 01: The Best of SpringOne 2021 (ft. Dan Vega) 0% found this document usefulBig breaches (and how to avoid them): with Neil Daswani 0% found this document usefulTCP & UDP: with Adam Woodbeck 0% found this document usefulDevOps and Incident Response Evolution 0% found this document usefulThe Cloudcast #355 - Exploring IoT Edge 0% found this document useful341: 11 No-Code Tools I’m Using as a Six-Figure Course Creator 0% found this document useful
Related articles
Traefik Configuration Linux FormatArticle
Traefik Configuration
Mar 10, 2020
In this tutorial we have configured Traefik using command-line switches in our Docker Compose file (the section starting command:). This is the equivalent of starting the application with a whole bunch of command options each time, and while this wou
1 min readSensimilla of Security Cannabis & Tech TodayArticle
Sensimilla of Security
Apr 1, 2019
3 min readBuild a Better nginx Reverse Proxy Maximum PCArticle
Build a Better nginx Reverse Proxy
Feb 4, 2020
4 min read2029 VISION Where Technology Is Taking Business NZBusiness and ManagementArticle
2029 VISION Where Technology Is Taking Business
May 27, 2019
6 min readAn Introduction To Rabbitmq Linux FormatArticle
An Introduction To Rabbitmq
Jun 29, 2021
RabbitMQ is a Message Broker, which means that it can safely hold messages generated by applications and make them available to other applications. The main advantages are reliability, support for clustering and high-availability queues, tracing capa
1 min readThree Low-code Options PC Pro MagazineArticle
Three Low-code Options
Nov 12, 2020
Counting Intel, Vodafone and VW among its customers, OutSystems helps businesses create cloudbased, on-premises and hybrid applications for mobile and web. Its development environment is predominantly drag-and-drop, with views for processes, data and
3 min readBuild A Dynamic App Security Pipeline Linux FormatArticle
Build A Dynamic App Security Pipeline
Sep 21, 2021
8 min readHow To Develop A RESTful Client In Go Linux FormatArticle
How To Develop A RESTful Client In Go
Nov 16, 2021
Mihalis Tsoukalos is a systems engineer and technical writer. He’s the author of Go Systems Programming and Mastering Go. You can reach him at @mactsouk. The subject of this month’s tutorial is RESTful services. In particular, you’re going to learn h
9 min readCybersecurity Courses Ramp Up Amid Shortage Of Professionals TechLife NewsArticle
Cybersecurity Courses Ramp Up Amid Shortage Of Professionals
Jun 18, 2022
7 min readBasic Concepts Linux FormatArticle
Basic Concepts
Jul 2, 2019
A messaging system such as Kafka enables you to send messages between processes, applications and servers. Applications connect to Kafka to send or get data. Strictly speaking, a Kafka ‘topic’ is a unit of storage in Kafka: data in Kafka is stored in
1 min readBest Password Managers For Your Android Device Android AdvisorArticle
Best Password Managers For Your Android Device
Jul 5, 2023
7 min read5 Ways To Improve ThePerformance Of A Home Network Residential Tech TodayArticle
5 Ways To Improve ThePerformance Of A Home Network
Apr 27, 2021
2 min readIn Conversation with Surbhi Rathore TechfastlyArticle
In Conversation with Surbhi Rathore
Oct 1, 2021
4 min readHow To Build The Linux Format Server Linux FormatArticle
How To Build The Linux Format Server
Oct 19, 2021
10 min readCalicoPie Family Historian 7 ComputeractiveArticle
CalicoPie Family Historian 7
Mar 24, 2021
SOFTWARE | £60 from Family Historian Store www.snipca.com/37615 If you’ve ever researched your family tree, you’ll know it’s much harder than the BBC’s celebrity genealogy programme Who Do You Think You Are? makes it appear. You’ll certainly need to
2 min read“When Something Goes Wrong, You Realise You’re Like That Cartoon Character That Has Run Off The Edge Of The Cliff” PC Pro MagazineArticle
“When Something Goes Wrong, You Realise You’re Like That Cartoon Character That Has Run Off The Edge Of The Cliff”
Feb 9, 2023
We need to talk about data. Specifically, your data and my data. The stuff we use on a day-to-day basis, from where we store it to what our expectations are for its safe handling. Now let me get one thing clear from the beginning: I am going to sugge
9 min readCybersecurity Made Simple: Taming The Password The European Business ReviewArticle
Cybersecurity Made Simple: Taming The Password
Mar 1, 2022
8 min readAn Expert Speaks Up on What You Should Know About Programming Languages EntrepreneurArticle
An Expert Speaks Up on What You Should Know About Programming Languages
Oct 1, 2015
1 min readTurning The Page APCArticle
Turning The Page
Aug 8, 2022
BEN MANSILL Works with the best damn editorial, design and production team in the biz. Welcome to this issue – and if you’ve come to us from our sister title TechLife – welcome to the world of APC! After many long years of serving up expert tech advi
2 min readBackups Are Dead, Long Live Backups! Linux FormatArticle
Backups Are Dead, Long Live Backups!
Aug 25, 2020
No one needs to back up any more. Yes, after decades of tech “journalists” telling you to back up your systems, modern ways of working have made the backup obsolete. No, wait, don’t go! We’re not obsolete, just yet. It’s true enough that many of us a
1 min readPassword Managers APCArticle
Password Managers
Nov 6, 2023
11 min readTaking the Edge Off Residential Tech TodayArticle
Taking the Edge Off
Jun 28, 2019
3 min read1password 7 For Mac: Password Manager With Small Improvements That Add Up MacWorldArticle
1password 7 For Mac: Password Manager With Small Improvements That Add Up
Jul 17, 2018
4 min readPassword Managers Linux FormatArticle
Password Managers
Feb 6, 2024
14 min readFamily History Software: An Introduction Family Tree UKArticle
Family History Software: An Introduction
Feb 11, 2020
5 min readSecure Mobile Comms RECOIL OFFGRIDArticle
Secure Mobile Comms
Dec 6, 2022
9 min readCommentary: Thinking About A Password-free Future? Think Again Chicago TribuneArticle
Commentary: Thinking About A Password-free Future? Think Again
Aug 25, 2023
3 min readThe Security Dilemma Of Iot Devices And Potential Consequences HWM SingaporeArticle
The Security Dilemma Of Iot Devices And Potential Consequences
Jan 10, 2021
3 min readContributing For Non - Coders Linux FormatArticle
Contributing For Non - Coders
Jan 10, 2023
9 min readExclusive Downloads APCArticle
Exclusive Downloads
Oct 4, 2021
2 min read
Reviews for RESTful Java Web Services Security
Rating: 0 out of 5 stars
0 ratings
0 ratings0 reviews
Book preview
RESTful Java Web Services Security - René Enríquez
Table of Contents
RESTful Java Web Services Security
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why subscribe?
Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Setting Up the Environment
Downloading tools
Downloading links
Creating the base project
First functional example
Testing the example web service
Summary
2. The Importance of Securing Web Services
The importance of security
Security management options
Authorization and authentication
Authentication
Authorization
Access control
Transport layer security
Basic authentication by providing user credentials
Digest access authentication
An example with explanation
Authentication through certificates
API keys
Summary
3. Security Management with RESTEasy
Fine-grained and coarse-grained security
Securing HTTP methods
HTTP method – POST
HTTP method – GET
Fine-grained security implementation through annotations
The @RolesAllowed annotation
The savePerson method
The findById method
The @DenyAll annotation
The @PermitAll annotation
Programmatical implementation of fine-grained security
Summary
4. RESTEasy Skeleton Key
OAuth protocol
OAuth and RESTEasy Skeleton Key
What is RESTEasy Skeleton Key?
OAuth 2.0 authentication framework
Main features
OAuth2 implementation
Updating RESTEasy modules in JBoss
Setting up the configuration in JBoss
Implementing an OAuth client
The oauth-client project
The discstore project
The oauth-server project
webapp/WEB-INF/ jboss-deployment-structure.xml
Running the application
SSO configuration for security management
OAuth token via Basic Auth
Running the application
Custom filters
Server-side filters
Client-side filters
Example usage of filters
Summary
5. Digital Signatures and Encryption of Messages
Digital signatures
Updating RESTEasy JAR files
Applying digital signatures
Testing the functionality
Validating signatures with annotations
Message body encryption
Testing the functionality
Enabling the server with HTTPS
Testing the functionality
Summary
Index
RESTful Java Web Services Security
RESTful Java Web Services Security
Copyright © 2014 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: July 2014
Production reference: 1180714
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78398-010-9
www.packtpub.com
Cover image by Vivek Thangaswamy (<vivekthangaswamy@yahoo.com>)
Credits
Authors
René Enríquez
Andrés Salazar C.
Reviewers
Erik Azar
Ismail Marmoush
Debasis Roy
Acquisition Editor
Vinay Argekar
Content Development Editor
Adrian Raposo
Technical Editor
Shruti Rawool
Copy Editor
Sayanee Mukherjee
Project Coordinators
Melita Lobo
Harshal Ved
Proofreaders
Simran Bhogal
Paul Hindle
Indexers
Hemangini Bari
Rekha Nair
Graphics
Abhinash Sahu
Production Coordinator
Arvindkumar Gupta
Cover Work
Arvindkumar Gupta
About the Authors
René Enríquez is currently a software architect for a multinational company headquartered in India. He has previously worked on many projects related to security implementation using frameworks such as JAAS and Spring Security to integrate many platforms based on the Web, BPM, CMS, and web services for government and private sector companies. He is a technology and innovation enthusiast, and he is currently working with several programming languages. He has achieved the following certifications:
Oracle Certified Professional, Java SE 6 Programmer
Microsoft Technology Associate
Cisco Network Operating Systems
Over the past few years, he has worked as a software consultant on various projects for private and government companies and as an instructor of courses to build enterprise and mobile applications. He is also an evangelist of best practices for application development and integration.
Andrés Salazar C. is currently working at one of the most prestigious government companies in Ecuador, performing tasks related to software development and security implementation based on JAAS and digital signatures for secure applications. He also has extensive knowledge of OAuth implementation on web projects. He is a technology and Agile enthusiast, and he has worked on several projects using the JEE technology and TDD. He has achieved the following certifications:
Oracle Certified Professional, Java SE 6 Programmer
Certified Scrum Developer
About the Reviewers
Erik Azar is a professional software developer with over 20 years of experience in the areas of system administration, network engineering and security, development, and architecture. Having worked in diverse positions in companies ranging from start-ups to Fortune 500 companies, he currently works as a REST API architect for Availity, LLC in Jacksonville, FL. He is a dedicated Linux hobbyist who enjoys kernel hacking while experimenting with Raspberry Pi and BeagleBone Black boards. In his spare time, he works on solutions using embedded microprocessor platforms, Bluetooth 4.0, and connects to the cloud using RESTful APIs.
Ismail Marmoush is a Java and Machine Learning Certified Expert. He has published the open source projects RESTful Boilerplates for IAAS and PAAS (GAE), an artificial neural network framework, and crawlers/dataminers and some language code examples. You can find more about him, his work, and his tutorials on his personal blog (http://marmoush.com).
Thanks to my family and the Packt Publishing team.
Debasis Roy is working as the Team Lead / Scrum Master of the sports team for Vizrt Bangladesh based at Dhaka. He has 7 years of professional working experience as a software engineer in Java/C++-relevant technologies.
He has been working at Vizrt for the past 5 years. He started his journey here with a product called the Online Suite, also known as Escenic Content Engine/Studio, and he is now continuing with products related to Viz Sports. Vizrt provides real-time 3D graphics, studio automation, sports analysis, and asset management tools for the broadcast industry—interactive and virtual solutions, animations, maps, weather forecasts, video editing, and compositing tools.
Previously, he worked at SDSL/AfriGIS for 2 years, where he was involved mainly in the projects, Marbil and Grid. AfriGIS is a technology innovation company that creates geographic information and communication solutions.
www.PacktPub.com
Support files, eBooks, discount offers, and more
You might want to visit www.PacktPub.com for support files and downloads related to your book.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
http://PacktLib.PacktPub.com
Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can access, read and search across Packt's entire library of books.
Why subscribe?
Fully searchable across every book published by Packt
Copy and paste, print and bookmark content
On demand and accessible via web browser
Free access for Packt account holders
If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view nine entirely free books. Simply use your login credentials for immediate access.
Preface
The
Enjoying the preview?
Page 1 of 1