Securing Web Applications

Web applications contain resources that can be accessed by many users. These resources often traverse unprotected, open networks, such as the Internet. In such an environment, a substantial number of web applications will require some type of security.

The ways to implement security for Java EE applications are discussed in a general way in Securing Containers (page 866). This chapter provides more detail and a few examples that explore these security services as they relate to web components. Java EE security services can be implemented for web applications in the following ways:

Some of the material in this chapter assumes that you have read Chapter 28, "Introduction to Security in Java EE", therefore we recommend that you explore that chapter before beginning this one.

This section assumes that you are familiar with the web technologies being discussed, or that you have read the following chapters in this tutorial that discuss these technologies: