Chapter 11. Securing Seam applications
This chapter covers

  • Developing an authentication routine
  • Enforcing role-based authorization
  • Writing permission rules with Drools
  • Adding a CAPTCHA challenge to a form

While winding down after a round of golf, I came across a magazine ad for Microsoft Visual Studio 2005 that serves as an example of how not to treat security. The ad shows side-by-side shots of a software development scene in which two developers are discussing a web application, one before the product is introduced and one after. The developer paraphernalia and the to-do list on the whiteboard reflect the state of the project, with the before scene being far more cluttered and laden with stress. But the contrast reveals a critical oversight in the after scene. An outstanding item on the to-do list reads “TEST CODE FOR SECURITY!!” The items crossed off are personalization features, consistency review of UI, accessibility, and breadcrumbs. At least the application will look pretty while it’s being hacked.

11.1. Authentication jump-start

11.2. Securing pages

11.3. Role-based authorization

11.4. Rule-based authorization using Drools

11.5. Separating the computers from the humans

11.6. Summary