
Section 8: Security

Explain the client-side security model for the Java SE environment, including the Web Start and applet deployment modes.

Security Models

Java Development Kit 1.0

Java Development Kit 1.1

Java SE

Java SE Security Architecture

Java Applet Security

Java applets run in the browser (using the Java plug-in) or in the Java Applet Viewer.
By default they are untrusted and are not allowed to:

Local and signed applets are considered trusted. The signature on a signed applet lets its origin and integrity be verified, so it can be trusted to run with the permissions granted in the local policy file.

Java Web Start

Java Web Start (JWS) is a Java-based client application used to run, deploy and update Java SE applications launched from the browser. The deployment descriptor is the Java Network Launch Protocol (JNLP) file.

Properties of Java Web Start:

Security features of Java Web Start:

Given an architectural system specification, select appropriate locations for implementation of specified security features, and select suitable technologies for implementation of those features.

Security Architecture Overview


Provider-based and organized in two distinct packages. One package (Java Cryptography Extension, or JCE) is restricted by export controls.

Cryptographic Algorithms

Public Key Infrastructure

Enables secure exchange and management of information based on public-key and certificate cryptography.


Java Authentication and Authorization Service (JAAS) is used to authenticate and authorize users; authentication is performed by pluggable login modules. Java Generic Security Services (JGSS) is a unified API that supports a variety of authentication mechanisms.

Secure Communication

Access Control

Controlled by the security manager. Enabled by default for applets and Web Start; can be enabled for local Java applications. Driven by the security policy.

Securing Java EE Applications

Securing Enterprise Beans

Securing Application Clients

Securing EIS Applications

Securing Java Web Applications

Identify and classify potential threats to a system and describe how a given architecture will address the threats.

Input Validation Failures

Description: input values are not checked, which can lead to XSS, DoS and injection attacks
Solution: validate all input before processing, escape input

Output Sanitation

Description: output values are not checked
Solution: validate all input before processing, escape input

Buffer Overflows

Description: memory beyond a buffer is overwritten, which can cause DoS or execution of commands
Solution: validate all input before processing, escape input, check length

Data Injection Flaws

Description: data or commands are injected; caused by not checking input
Solution: validate all input before processing, escape input

Cross-Site Scripting (XSS)

Description: the output of a trusted site can be manipulated to retrieve sensitive data from the user; caused by not checking input
Solution: validate all input before processing, escape input

Improper Error Handling

Description: private system information is disclosed when an error occurs
Solution: use proper error handling, map system errors to application errors

Insecure Data Transit or Storage

Description: data is disclosed through insecure communication or storage
Solution: use cryptography to ensure integrity and confidentiality

Weak Security Tokens

Description: security tokens can be stolen
Solution: minimize security tokens being in transit, use standard/proven security mechanisms

Weak Passwords

Description: passwords are susceptible to brute-force/dictionary attacks
Solution: use biometrics, enforce password policy, expiration of passwords

Weak Encryption

Description: weak encryption algorithms used
Solution: use stronger cryptographic algorithms

Session Hijacking

Description: session can be stolen
Solution: invalidate session after logout/timeout, use PKI, use secure/encrypted communication channel

Insecure Configuration Data

Description: security holes caused by faulty configuration of the infrastructure
Solution: test and verify configuration

Broken Authentication

Description: weak authentication mechanism
Solution: strong passwords, biometrics, certificates, strong session mechanisms, secure communication channel

Broken Access Control

Description: resources not protected
Solution: test and verify access control

Policy Failures

Description: missing or faulty rules in policy
Solution: test and verify security policy

Audit and Logging Failures

Description: logs can be modified, and potential attacks are not logged
Solution: remote logging in an isolated secure area

Denial of Service (DoS) and Distributed DoS (DDoS)

Description: a service is disabled by crashing it or by flooding it with network traffic
Solution: input/traffic filtering

Man-in-the-Middle Attack

Description: read and/or modify messages between parties
Solution: use secure communication channel

Multiple Sign-On

Description: passwords are in transit more often because the user signs on several times
Solution: use SSO mechanisms

Deployment Problems

Description: failures in configuration and infrastructure
Solution: test and verify application, policies and infrastructure

Coding Problems

Description: failures in program flow, input validation, race conditions, etc.
Solution: code review and testing

Describe the commonly used declarative and programmatic methods used to secure applications built on the Java EE platform, for example use of deployment descriptors and JAAS.

Declarative Security

Programmatic Security

Java Authentication and Authorization Service (JAAS)

Pluggable authentication modules to decouple authentication code from the application. Providers supply modules to be used with JAAS.

  1. Instantiate LoginContext
  2. Authentication by LoginModule (exchangeable)
  3. Callbacks are used by the LoginModule to retrieve security credentials from client

JAAS is configured in my-jaas.conf, which contains a list of LoginModules. Every module has an authentication flag:

A Subject is created when authentication succeeds. The Subject has a set of Principals, which are the authenticated users and groups.
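The three steps above in code, as an added example that is not from the original notes: a `LoginContext` is created for a named configuration entry, `login()` runs the configured `LoginModule`, and the module obtains credentials through a `CallbackHandler`. The entry name `MyApp` and the module class in the assumed `my-jaas.conf` are placeholders.

```java
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/*
 * Assumed contents of my-jaas.conf (selected at startup with
 * -Djava.security.auth.login.config=my-jaas.conf); the entry name "MyApp"
 * and the LoginModule class are placeholders:
 *
 *   MyApp {
 *       com.example.auth.MyLoginModule required;
 *   };
 */
public class JaasLoginDemo {

    // Step 3: the LoginModule pulls credentials through callbacks, so the
    // application decides how to obtain them (here: values passed in).
    static final class CredentialHandler implements CallbackHandler {
        private final String user;
        private final char[] password;

        CredentialHandler(String user, char[] password) {
            this.user = user;
            this.password = password;
        }

        @Override
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb, "unsupported callback");
                }
            }
        }
    }

    public static Subject login(String user, char[] password) throws LoginException {
        // Step 1: look up the "MyApp" entry in the JAAS configuration file.
        LoginContext ctx = new LoginContext("MyApp", new CredentialHandler(user, password));
        // Step 2: the configured LoginModule(s) run; a failed login throws LoginException.
        ctx.login();
        // Success: the Subject now carries the authenticated Principals (users and groups).
        return ctx.getSubject();
    }
}
```

The required flag in the configuration means this module must succeed for the login as a whole to succeed; the caller should clear the password array once `login()` returns.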

mohan - 27 January 2012: very useful, and helpful to understand the objective easily
Prashant Saraf - 2 August 2011: This is very helpful.. thanks a lot.
adil qureshi - 2 August 2011: Thanks for these notes, very helpful indeed