| | |
Downloads Articles, tutorials, and other online resources - Read Part 1 of this tutorial series, "Crypto basics," (http://www-106.ibm.com/developerworks/education/r-jsec1.html) also by Brad Rubin.
- See the Java Developer Connection for a complete listing of Java permissions (http://java.sun.com/j2se/1.4/docs/guide/security/permissions.html).
- While not covered in this tutorial, the Java General Security Service (JGSS), new with JDK 1.4, provides a generic framework for securely exchanging messages between applications. A recently released whitepaper (http://java.sun.com/j2se/1.4/docs/guide/security/jgss/single-signon.html) from Sun discusses how JAAS, JGSS, and Kerberos can be used to provide single sign-on application security.
- Sun also hosts several tutorials and user guides (http://java.sun.com/j2se/1.4/docs/guide/security/jgss/tutorials/) describing the different uses and procedures of JAAS and JGSS. One particularly good reference guide describes when to use JGSS versus JSEE (http://java.sun.com/j2se/1.4/docs/guide/security/jgss/tutorials/JGSSvsJSSE.html).
- See Sun Microsystems's Java Security site (http://java.sun.com/security) to learn more about the most current Java security technologies.
- Joseph Sinclair offers a three-pronged solution for identifying users in the series "Securing systems" (developerWorks, June 2001, http://www-106.ibm.com/developerworks/library/j-secure/index.html).
- Once you've got the basics down, Carlos Fonseca will show you how to "Extend JAAS for class instance-level authorization" (developerWorks, April 2002, http://www-106.ibm.com/developerworks/library/j-jaas/).
- In "Enhance Java GSSAPI with a login interface using JAAS" Thomas Owusu provides some insight on credentials and secret keys (developerWorks, November 2001, http://www-106.ibm.com/developerworks/library/j-gssapi/).
- Find out how WebSphere Portal Server 1.2 implements JAAS and single-sign-on security (WebSphere Developer Domain, October 2001).
Books - For an overall discussion of Web security and Java technology, see Web Security, Privacy, and Commerce, 2nd Edition, by Simson Garfinkel and Gene Spafford, O'Reilly, 2002.
- If you want to focus more on Java security, see Professional Java Security (http://www.amazon.com/exec/obidos/ASIN/1861004257/104-8739833-1347930), by Jess Garms and Daniel Somerfield, Wrox Press, 2001.
- Another great resource for learning about Java security is Java Security (http://www.amazon.com/exec/obidos/ASIN/0596001576), by Scott Oaks, O'Reilly & Associates, 2001.
- Find out what everyone needs to know about security in order to survive and be competitive in Secrets and Lies: Digital Security in a Networked World (http://www.counterpane.com/sandl.html), by Bruce Schneier, 2000.
- If you want to focus on authentication technologies, see Authentication: From passwords to public keys (http://www.aw.com/catalog/academic/product/1,4096,0201615991,00.html), by Richard E. Smith, Addison-Wesley, 2002.
Additional resources - The IBM Java Security Research page (http://www.research.ibm.com/javasec/) details various security projects in the works.
- Visit the Tivoli Developer domain (http://www-106.ibm.com/developerworks/tivoli/) for help in building and maintaining the security of your e-business.
- The developerWorks Security special topic offers developers hands-on technical information covering the general topic of security.
- Participate in the developerWorks Java security forum hosted by Paul Abbott.
- You'll find hundreds of articles about every aspect of Java programming in the developerWorks Java technology zone (http://www-106.ibm.com/developerworks/java/).
- See the developerWorks
tutorials page (http://www-105.ibm.com/developerworks/education.nsf/dw/java-onlinecourse-bytitle) for a complete listing of Java technology-related free tutorials from developerWorks.
|
