Chapter 4. Securing applications

 

This chapter covers

  • Fundamentals of security
  • Dynamic login configuration
  • Secure communication
  • Public-key certificates
  • JBoss login modules

Security is an important part of most enterprise software applications because system vulnerabilities and loss of sensitive data can be costly. Security can be compromised in many ways: unauthorized users may access your application’s data; someone may intercept a message being transmitted between two users; or hackers may expose vulnerabilities in your network or application server, giving them access to run commands on your OS.

The two main aspects of security are securing access to information inside your application and securing access to the environment in which your application runs. Hackers could go through your application to access information or execute malicious code, or they could access the OS on which your application runs. Security must be put in place to protect both the application data and the environment in which your applications run.

Chapter 15 discusses various configuration and environment topics for securing your application server and the surrounding environment. Other chapters in the book also (tangentially) discuss application server security. Table 4.1 summarizes the sections where we talk about application security for the different components and resources available in the application server.

4.1. Understanding security

4.2. Using secure communication

4.3. Configuring login modules

4.3.4. Using the identity login module

4.3.5. Stacking login modules

4.3.6. Using the client certificate login module

4.4. Summary

4.5. References