RESTful Java Web Services Security
eBook - ePub

  • 144 pages
  • English
  • ePUB (mobile friendly)
  • Available on iOS & Android

About This Book

In Detail

This book will serve as a practical companion for you to learn about common vulnerabilities when using RESTful services, and will provide you with an indispensable knowledge of the tools you can use to implement and test security on your applications. It will cover the fine details of setting up RESTful services such as implementing RESTEasy and securing transmission protocols such as the OAuth protocol and its integration with RESTEasy. Furthermore, it also explains the implementation of digital signatures and the integration of the Doseta framework with RESTEasy.

With this book, you will be able to design your own security implementation or use a protocol to grant permissions over your RESTful applications with OAuth. You will also gain knowledge about the working of other features such as configuring and verifying HTTP and HTTPS protocols, certificates, and securing protocols for data transmission. By the end of this book, you will have comprehensive knowledge that will help you to detect and solve vulnerabilities.

Approach

A sequential and easy-to-follow guide that lets you understand the concepts related to securing web apps and services quickly and efficiently. Each topic is explained step by step with the help of an example, so you can readily apply the examples in your own projects.

Who this book is for

This book is intended for web application developers who use RESTful web services to power their websites. Prior knowledge of RESTful web services is not mandatory, but would be advisable.

Yes, you can access RESTful Java Web Services Security by Rene Enriquez, Andres Salazar C. in PDF and/or ePUB format, as well as other popular books in Computer Science & Web Services & APIs. We have over one million books available in our catalogue for you to explore.

Information

Year: 2014
ISBN: 9781783980109
Edition: 1


Table of Contents

RESTful Java Web Services Security
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why subscribe?
Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Setting Up the Environment
Downloading tools
Downloading links
Creating the base project
First functional example
Testing the example web service
Summary
2. The Importance of Securing Web Services
The importance of security
Security management options
Authorization and authentication
Authentication
Authorization
Access control
Transport layer security
Basic authentication by providing user credentials
Digest access authentication
An example with explanation
Authentication through certificates
API keys
Summary
3. Security Management with RESTEasy
Fine-grained and coarse-grained security
Securing HTTP methods
HTTP method – POST
HTTP method – GET
Fine-grained security implementation through annotations
The @RolesAllowed annotation
The savePerson method
The findById method
The @DenyAll annotation
The @PermitAll annotation
Programmatical implementation of fine-grained security
Summary
4. RESTEasy Skeleton Key
OAuth protocol
OAuth and RESTEasy Skeleton Key
What is RESTEasy Skeleton Key?
OAuth 2.0 authentication framework
Main features
OAuth2 implementation
Updating RESTEasy modules in JBoss
Setting up the configuration in JBoss
Implementing an OAuth client
The oauth-client project
The discstore project
The oauth-server project
webapp/WEB-INF/jboss-deployment-structure.xml
Running the application
SSO configuration for security management
OAuth token via Basic Auth
Running the application
Custom filters
Server-side filters
Client-side filters
Example usage of filters
Summary
5. Digital Signatures and Encryption of Messages
Digital signatures
Updating RESTEasy JAR files
Applying digital signatures
Testing the functionality
Validating signatures with annotations
Message body encryption
Testing the functionality
Enabling the server with HTTPS
Testing the functionality
Summary
Index

RESTful Java Web Services Security

Copyright © 2014 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: July 2014
Production reference: 1180714
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78398-010-9
www.packtpub.com
Cover image by Vivek Thangaswamy

Credits

Authors
René Enríquez
Andrés Salazar C.
Reviewers
Erik Azar
Ismail Marmoush
Debasis Roy
Acquisition Editor
Vinay Argekar
Content Development Editor
Adrian Raposo
Technical Editor
Shruti Rawool
Copy Editor
Sayanee Mukherjee
Project Coordinators
Melita Lobo
Harshal Ved
Proofreaders
Simran Bhogal
Paul Hindle
Indexers
Hemangini Bari
Rekha Nair
Graphics
Abhinash Sahu
Production Coordinator
Arvindkumar Gupta
Cover Work
Arvindkumar Gupta

About the Authors

René Enríquez is currently a software architect for a multinational company headquartered in India. He has previously worked on many projects related to security implementation using frameworks such as JAAS and Spring Security to integrate many platforms based on the Web, BPM, CMS, and web services for government and private sector companies. He is a technology and innovation enthusiast, and he is currently working with several programming languages. He has achieved the following certifications:
  • Oracle Certified Professional, Java SE 6 Programmer
  • Microsoft Technology Associate
  • Cisco Network Operating Systems
Over the past few years, he has worked as a software consultant on various projects for private and government companies and as an instructor of courses to build enterprise and mobile applications. He is also an evangelist of best practices for application development and integration.
Andrés Salazar C. is currently working at one of the most prestigious government companies in Ecuador, performing tasks related to software development and security implementation based on JAAS and digital signatures for secure applications. He also has extensive knowledge of OAuth implementation on web projects. He is a technology and Agile enthusiast, and he has worked on several projects using the JEE technology and TDD. He has achieved the following certifications:
  • Oracle Certified Professional, Java SE 6 Programmer
  • Certified Scrum Developer

About the Reviewers

Erik Azar is a professional software developer with over 20 years of experience in the areas of system administration, network engineering and security, development, and architecture. Having worked in diverse positions in companies ranging from start-ups to Fortune 500 companies, he currently works as a REST API architect for Availity, LLC in Jacksonville, FL. He is a dedicated Linux hobbyist who enjoys kernel hacking while experimenting with Raspberry Pi and BeagleBone Black boards. In his spare time, he works on solutions using embedded microprocessor platforms, Bluetooth 4.0, and connects to the cloud using RESTful APIs.
Ismail Marmoush is a Java and Machine Learning Certified Expert. He has published the open source projects RESTful Boilerplates for IAAS and PAAS (GAE), an artificial neural network framework, and crawlers/dataminers and some language code examples. You can find more about him, his work, and his tutorials on his personal blog (http://marmoush.com).
Debasis Roy is working as the Team Lead / Scrum Master of the sports team for Vizrt Bangladesh based at Dhaka. He has 7 years of professional working experience as a software engineer in Java/C++-relevant technologies.
He has been working at Vizrt for the past 5 years. He started his journey here with a product called the Online Suite, also known as Escenic Content Engine/Studio, and he is now continuing with products related to Viz Sports. Vizrt provides real-time 3D graphics, studio automation, sports analysis, and asset management tools for the broadcast industry—interactive and virtual solutions, animations, maps, weather forecasts, video editing, and compositing tools.
Previously, he...
