Sunday, February 24, 2008

J2EE security

J2EE security (JAAS)
en and ru resources

http://del.icio.us/search/?fr=del_icio_us&p=jaas&type=all

Implementing a security system in Java
http://slonopotamus.org/java_security

Book: Java Security System. Developer's Guide
JAAS. How to put remoteUser into the session?
JAAS: security
Oracle: Declarative J2EE authentication and authorization with JAAS
http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/tutorials/SampleLoginModule.java

Security
Java™ Authentication and Authorization Service (JAAS):
LoginModule Developer's Guide
Reference Guide

The J2EE 1.4 Tutorial
Understanding Login Authentication
J2EETutorial pdf

J2EE Form-based Authentication


Possible Solutions to Web Security Issues
IBM Cracks Web 2.0 Security Concerns with "SMash"

All that JAAS

D:\java\projects\projects\core\trunk\component\security\src\main\java\org\exoplatform\services\security\jaas\BasicLoginModule.java
package org.exoplatform.services.security.jaas;
public class BasicLoginModule implements LoginModule {

Tomcat JAAS. Phrase of the day :)

The login-config in web.xml describes the realm; a login module is configured for the realm, and it calls our service; and the context declares the principal class that the login module will put into the subject

Friday, February 8, 2008

One Year Anniv

Today my blog turns one year old.

Over this year, many articles on various topics have appeared in it. Mostly, it serves me as a big notebook where I write down various notes and links on topics I come across at work and in life.

Going forward, I plan to keep working on the blog for the benefit of myself and those around me :)

Wednesday, February 6, 2008

Application servers

Application servers (AS)
wiki

A list of application servers from a Google Directory search is here.

JSR 154: Java™ Servlet 2.4 Specification
http://jcp.org/en/jsr/detail?id=154

JSR 53: Java™ Servlet 2.3 and JavaServer Pages™ 1.2 Specifications
http://jcp.org/en/jsr/detail?id=53

The J2EE 1.4 Tutorial here
http://java.sun.com/products/servlet/2.3/javadoc/javax/servlet/http/HttpServletRequest.html
http://java.sun.com/products/servlet/2.3/javadoc/javax/servlet/http/HttpServletResponse.html

http://java.sun.com/dtd/web-app_2_3.dtd

Writing Web Application Deployment Descriptors

The eXo-Portlet-Container was tested on different AS, look here

The content of element type "web-app" must match
"(
icon?,display-name?,description?,distributable?,
context-param*,filter*,filter-mapping*,listener*,servlet*,servlet-mapping*,
session-config?,mime-mapping*,welcome-file-list?,error-page*,taglib*,
resource-env-ref*,resource-ref*,
security-constraint*,login-config?,security-role*,
env-entry*,ejb-ref*,ejb-local-ref*
)"
http://download-llnw.oracle.com/docs/cd/E13222_01/wls/docs61/webapp/web_xml.html

The list of servers which I know:

  • Apache Tomcat 6.0.14
official or wiki
Default port: 8080
Start: %TOMCAT_HOME%\bin\catalina.bat start
Stop: %TOMCAT_HOME%\bin\catalina.bat stop
Log: console or %TOMCAT_HOME%\logs\catalina.YYYY-MM-DD.log
NOTE: For Tomcat, prefer to move the jar files from all wars' WEB-INF/lib to %TOMCAT_HOME%/commons/lib, and delete the wars' WEB-INF/lib directory.

Apache Tomcat Configuration Reference - The HTTP Connector
  • ObjectWeb JOnAS 4.8.4
official or wiki
Default port: 9000

Download from wiki on objectweb
Download from objectweb file repository
Download from forge.objectweb.org

  • JBoss 4.2.2 GA
official or wiki
Default port: 8080
Jboss Download
Jboss Forum
Jboss JIRA
Jboss wiki
Jboss 4.2.2 Documentation
http://wiki.jboss.org/wiki/ClassLoadingConfiguration
jboss classloading
  • BEA Weblogic 9.2
official or wiki
Default port: 7001
  • IBM WebSphere 6.1.0.7
official or wiki
Default port: 9080
Start: %WebSphere_home%\AppServer\profiles\AppSrv01\bin\startServer.bat server1
Stop: %WebSphere_home%\AppServer\profiles\AppSrv01\bin\stopServer.bat server1
Log: AppServer\profiles\AppSrv01\logs\server1\SystemOut.log
Web control: http://localhost:8888/em/
Maintenance Download Wizard
Fix list for IBM WebSphere
FTP
Verify Java SDK version shipped with IBM WebSphere Application Server fix packs
e-books
infocenter wasinfo v6.1
http://www-306.ibm.com/software/webservers/appserv/express/requirements
http://www.ibm.com/developerworks/downloads/ws/was/
http://www-306.ibm.com/software/webservers/appserv/community/
What's new in Version 6.1
http://saloon.javaranch.com/cgi-bin/ubb/ultimatebb.cgi?ubb=forum&f=46
http://saloon.javaranch.com/forums/forum-046.html

  • Oracle AS 10.1.3.1.0
official or wiki
Default port: 8888
Start: %oracle_home%\opmn\bin\opmnctl.exe startall
Stop: %oracle_home%\opmn\bin\opmnctl.exe stopall
Log: opmn\logs\default_group~home~default_group~1.log

  • Sun Java System AS 9.0
official or wiki
  • Jetty 6.1
official or wiki
  • Geronimo 1.1.1, 1.2-beta, 2.0-M2 with Jetty or Tomcat
official or wiki

Don't forget to delete the cookies in your browser when you are faced with strange behaviour of your application while testing it on another AS!!!

http://docs.sun.com/source/816-6884-10/appendixb.html

All comments are appreciated.