Securing Web application

R

Ricky

Hello,

What are the basic securing methods/implementation ways that should be
noticed when coding JSP/Servlet based Web applications? I don't mean
just https connections, but things like:

- securing URLs that are not meant to used directly
- security options in web.xml
- global errorpages defined to web.xml to catch exceptions
- groups
- access control defined by user
etc.

Are there any books or tutorials related to this kind of stuff?

Thanks,
 
W

Wolfram Rittmeyer

Ricky said:
Hello,

What are the basic securing methods/implementation ways that should be
noticed when coding JSP/Servlet based Web applications? I don't mean
just https connections, but things like:

- securing URLs that are not meant to used directly
- security options in web.xml
- global errorpages defined to web.xml to catch exceptions
- groups
- access control defined by user
etc.

Are there any books or tutorials related to this kind of stuff?

Thanks,
Just go to SUN's tutorial:
http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Security.html
for securing URLs, web.xml-configuration and access-control

and
http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/WCC.html
-> Configuring Web-Clients
for defining errorpages.

If you want to use accounts already stored in a database or directory
you have to read the documentation for how to use these. For Tomcat -
for example - see for defining realms:
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/realm.html

Wolfram Rittmeyer
http://www.jsptutorial.org
 
R

Ricky

Ok, thanks for the tips,
BR

Wolfram Rittmeyer said:
Just go to SUN's tutorial:
http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Security.html
for securing URLs, web.xml-configuration and access-control

and
http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/WCC.html
-> Configuring Web-Clients
for defining errorpages.

If you want to use accounts already stored in a database or directory
you have to read the documentation for how to use these. For Tomcat -
for example - see for defining realms:
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/realm.html

Wolfram Rittmeyer
http://www.jsptutorial.org
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,900
Latest member
Nell636132

Latest Threads

Top