Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Restful Java Web Services Security
Restful Java Web Services Security

Restful Java Web Services Security: Secure your RESTful applications against common vulnerabilities with this book and eBook.

eBook
€15.99 €22.99
Paperback
€27.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Table of content icon View table of contents Preview book icon Preview Book

Restful Java Web Services Security

Chapter 2. The Importance of Securing Web Services

Look at you; you have made it to Chapter 2; congratulations! This chapter is quite important because it is related to a concept that is implicit in software, which is security. This is very important because software is used by companies and people like us. Sometimes, we share very important and confidential information through software, and that is why this topic becomes so important for everybody.

In this chapter, we will take you through the basic aspects related to the management of security in computer systems.

We will explore and implement each of the different security mechanisms and scenarios in which they can be used.

Also, you'll learn how to use a protocol analyzer. This will allow us to demonstrate how an attack can be performed and determine the impact of this attack when it achieves its target, in this case, our information. Also, you will be able to imagine more options to implement security in web services.

As...

The importance of security

The management of security is one of the main aspects to consider when designing applications.

No matter what, neither the functionality nor the information of organizations can be exposed to all users without any kind of restriction. Consider the case of a human resource management application that allows you to consult the wages of employees, for example: if the company manager needs to know the salary of one of their employees, it is not something of great importance. However, in the same context, imagine that one of the employees wants to know the salary of their colleagues; if access to this information is completely open, it can generate problems among employees with varied salaries.

An even more critical example can be the case where the bank XYZ increases a bank balance every time a customer or a third party makes a deposit into one of their accounts using an ATM. The IT manager envisions that this functionality could be common, and decides to implement...

Security management options

Java provides some options for security management. Right now, we will explain some of them and demonstrate how to implement them. All authentication methods are practically based on credential delivery from the client to the server. There are several methods to perform this, which are:

  • BASIC authentication
  • DIGEST authentication
  • CLIENT CERT authentication
  • Using API keys

Security management in applications built with Java, including the ones with RESTful web services, always rely on JAAS.

Java Authentication and Authorization Service (JAAS) is a framework that is part of Java Platform Enterprise Edition. Hence, it is the default standard to handle an application's security in Java; it allows you to implement authorization, and it allows authentication controls over applications with the purpose of protecting resources that belong to the application. If you want to know more about JAAS, you can check out the following link:

http://docs.oracle.com/javase/7/docs...

API keys

With the advent of cloud computing, it is not difficult to think of applications that integrate with many others available in the cloud. Right now, it's easy to see how applications interact with Flickr, Facebook, Twitter, Tumblr, and so on.

To enable these integrations, a new authentication mechanism has been developed using API keys. This authentication method is used primarily when we need to authenticate from another application but we do not want to access the private user data hosted in another application. On the contrary, if you want to access this information, you must use OAuth. If you are interested in this, don't worry, we will study this wonderful technology later in this book.

We want to understand how the API keys work, so let's take the case of Flickr. The important thing here is to understand how the API keys work because the same concept can be applied to companies like Google, Facebook, and so on. For those unfamiliar with Flickr, it is an application...

Summary

In this chapter, we went through all possible models of authentication. We will use all of them in the next chapter, and we will apply them to the web service functionality we just created.

Even if you had trouble with any of the examples, you can continue to the next chapter. As for your better understanding, we will go step-by-step and more in-depth into how we can leverage each available authentication model.

As you realize, it is important to choose the correct security management, otherwise information is exposed and can easily be intercepted and used by third parties.

Finally, in this chapter, we reviewed the differences between authentication and authorization. Both concepts are very important and definitely impossible to put aside in the context of security terms.

Now, we will ask you to join us to go ahead and secure our web service.

Left arrow icon Right arrow icon

Description

A sequential and easy-to-follow guide which allows you to understand the concepts related to securing web apps/services quickly and efficiently, since each topic is explained and described with the help of an example and in a step-by-step manner, helping you to easily implement the examples in your own projects. This book is intended for web application developers who use RESTful web services to power their websites. Prior knowledge of RESTful is not mandatory, but would be advisable.

What you will learn

  • Set up, implement, and personalize your development and test environment
  • Learn, understand, and assimilate concepts inherent to security management on RESTful applications and the importance of these concepts
  • Implement and test security on your applications that use RESTful web services with the most useful techniques and interpret the test results
  • Apply and configure secure protocols on your application
  • Implement, configure, and integrate other technologies such as OAuth or SSO with RESTful applications
  • Learn and assimilate security concepts at JEE application and container level
  • Understand digital signatures and message encryption through descriptive examples

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Jul 25, 2014
Length: 144 pages
Edition : 1st
Language : English
ISBN-13 : 9781783980116
Vendor :
Eclipse Foundation
Languages :
Concepts :
Tools :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want

Product Details

Publication date : Jul 25, 2014
Length: 144 pages
Edition : 1st
Language : English
ISBN-13 : 9781783980116
Vendor :
Eclipse Foundation
Languages :
Concepts :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 85.97
RESTful Java Web Services, Second Edition
€36.99
JavaScript Security
€20.99
Restful Java Web Services Security
€27.99
Total 85.97 Stars icon

Table of Contents

6 Chapters
1. Setting Up the Environment Chevron down icon Chevron up icon
2. The Importance of Securing Web Services Chevron down icon Chevron up icon
3. Security Management with RESTEasy Chevron down icon Chevron up icon
4. RESTEasy Skeleton Key Chevron down icon Chevron up icon
5. Digital Signatures and Encryption of Messages Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.2
(6 Ratings)
5 star 16.7%
4 star 83.3%
3 star 0%
2 star 0%
1 star 0%
Filter icon Filter
Top Reviews

Filter reviews by




Romin K. Irani Jan 30, 2015
Full star icon Full star icon Full star icon Full star icon Full star icon 5
RESTful APIs have been the driving force over the last few years to enable a wide range of client applications (mobile or web). Given the world that we live today, securing these endpoints is critical due to the potential damage that the attacker could cause if the endpoints are not secured enough. Material on securing REST services on the web is few and far between.Packt Pub’s book is catered to address this important topic of security vis-a-vis RESTful Java Web Services. Here are the highlights of the book:The book begins by setting up the development environment and the basic sample application. It focuses on JBOSS and the RESTEasy implementation and the idea is to get your REST Service functional and running. This is a simple and effective approach in my opinion.The next chapter focuses on various security basics that include authentication, authorization and then Basic and Certificate based authentication. It provides an overview of API Keys for security too.The next 3 chapters are focused on RESTEasy and the mechanisms that it has for security your API Endpoints. The coverage includes use of Annotations and programmatic implementation of security. Other topics include OAuth, Digital Signatures and message body encryption.I particularly liked the methodical approach of covering different areas of security. Not all of these mechanisms will apply to your implementation and hence it is good to look at them separately. If you looking for a good overview of REST Security concepts and if JBOSS/RESTEasy are your tools of choice, this is a good book.
Amazon Verified review Amazon
Kindle Customer Feb 23, 2015
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
Over the last few weeks I have been heavily involved in migrating a SOAP based enterprise system to a REST architecture. As part of the migration, the security framework also needed to be overhauled. Being an enterprise system, there are many integration points with external parties and security is a prime concern.During this time, this book has been my "go to" book on security regarding RESTful services. As a reference on topics related to security and RESTful services this book is both comprehensive and pragmatic, a combination that saved me lots of time. This book is perfectly suited for someone that needs to get something up and running in a short period of time. It does not spend too much time on theory, instead it focusses on the practical steps you need to take to get something working. However, unlike a simple cookbook, it explains things in enough detail so that you understand why you are doing something rather than simply how to accomplish the task.The book uses an example based, practical approach to explain the concepts it covers. Even though I was implementing on the IBM (Apache Wink) stack and the book covers the RESTEasy implementation (JBoss) of JAX-RS, it was straightforward to take the examples presented and adapt it for my needs. Perhaps the code that comes with the book could be augmented to include examples demonstrating other implementations (I think Jersey and Restlet would be great for most developers).In the end, no other resource has covered the areas to provide comprehensive security in a RESTful architecture as completely and simply as this book and I would recommend this book to anyone working at securing RESTful endpoints.
Amazon Verified review Amazon
Richard Mar 27, 2015
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
Good book to get Hands on security.
Amazon Verified review Amazon
Meghna Kartha Nov 22, 2015
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
A well explained case study to get an introduction to security and restful webservices.
Amazon Verified review Amazon
Luca Morettoni Feb 13, 2015
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
The "security" need to be a must on every kind of application, but if we plan to expose our applications business logic with RESTful services we need to think two times about secure implementation on that layer.The book is a great introduction to the security of the RESTful system, drives the programmer to implement different layers of security, from the user authentication and authorization to the encryption and signature of the payload. It is also a good quick reference for every developer that need to implement OAuth and/or digital signature of the data.What I didn't liked on the book that is too much tight to RESTeasy implementation, I hope in the future editions to see also some references to the Jersey implementation!At the end is a good book and if you're working on RESTful Java project you need to read it!
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.