Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Restful Java Web Services Security
Restful Java Web Services Security

Restful Java Web Services Security: Secure your RESTful applications against common vulnerabilities with this book and eBook.

eBook
€15.99 €22.99
Paperback
€27.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing
Table of content icon View table of contents Preview book icon Preview Book

Restful Java Web Services Security

Chapter 2. The Importance of Securing Web Services

Look at you; you have made it to Chapter 2; congratulations! This chapter is quite important because it is related to a concept that is implicit in software, which is security. This is very important because software is used by companies and people like us. Sometimes, we share very important and confidential information through software, and that is why this topic becomes so important for everybody.

In this chapter, we will take you through the basic aspects related to the management of security in computer systems.

We will explore and implement each of the different security mechanisms and scenarios in which they can be used.

Also, you'll learn how to use a protocol analyzer. This will allow us to demonstrate how an attack can be performed and determine the impact of this attack when it achieves its target, in this case, our information. Also, you will be able to imagine more options to implement security in web services.

As...

The importance of security

The management of security is one of the main aspects to consider when designing applications.

No matter what, neither the functionality nor the information of organizations can be exposed to all users without any kind of restriction. Consider the case of a human resource management application that allows you to consult the wages of employees, for example: if the company manager needs to know the salary of one of their employees, it is not something of great importance. However, in the same context, imagine that one of the employees wants to know the salary of their colleagues; if access to this information is completely open, it can generate problems among employees with varied salaries.

An even more critical example can be the case where the bank XYZ increases a bank balance every time a customer or a third party makes a deposit into one of their accounts using an ATM. The IT manager envisions that this functionality could be common, and decides to implement...

Security management options

Java provides some options for security management. Right now, we will explain some of them and demonstrate how to implement them. All authentication methods are practically based on credential delivery from the client to the server. There are several methods to perform this, which are:

  • BASIC authentication
  • DIGEST authentication
  • CLIENT CERT authentication
  • Using API keys

Security management in applications built with Java, including the ones with RESTful web services, always rely on JAAS.

Java Authentication and Authorization Service (JAAS) is a framework that is part of Java Platform Enterprise Edition. Hence, it is the default standard to handle an application's security in Java; it allows you to implement authorization, and it allows authentication controls over applications with the purpose of protecting resources that belong to the application. If you want to know more about JAAS, you can check out the following link:

http://docs.oracle.com/javase/7/docs...

API keys

With the advent of cloud computing, it is not difficult to think of applications that integrate with many others available in the cloud. Right now, it's easy to see how applications interact with Flickr, Facebook, Twitter, Tumblr, and so on.

To enable these integrations, a new authentication mechanism has been developed using API keys. This authentication method is used primarily when we need to authenticate from another application but we do not want to access the private user data hosted in another application. On the contrary, if you want to access this information, you must use OAuth. If you are interested in this, don't worry, we will study this wonderful technology later in this book.

We want to understand how the API keys work, so let's take the case of Flickr. The important thing here is to understand how the API keys work because the same concept can be applied to companies like Google, Facebook, and so on. For those unfamiliar with Flickr, it is an application...

Summary

In this chapter, we went through all possible models of authentication. We will use all of them in the next chapter, and we will apply them to the web service functionality we just created.

Even if you had trouble with any of the examples, you can continue to the next chapter. As for your better understanding, we will go step-by-step and more in-depth into how we can leverage each available authentication model.

As you realize, it is important to choose the correct security management, otherwise information is exposed and can easily be intercepted and used by third parties.

Finally, in this chapter, we reviewed the differences between authentication and authorization. Both concepts are very important and definitely impossible to put aside in the context of security terms.

Now, we will ask you to join us to go ahead and secure our web service.

Left arrow icon Right arrow icon

Description

A sequential and easy-to-follow guide which allows you to understand the concepts related to securing web apps/services quickly and efficiently, since each topic is explained and described with the help of an example and in a step-by-step manner, helping you to easily implement the examples in your own projects. This book is intended for web application developers who use RESTful web services to power their websites. Prior knowledge of RESTful is not mandatory, but would be advisable.

What you will learn

  • Set up, implement, and personalize your development and test environment
  • Learn, understand, and assimilate concepts inherent to security management on RESTful applications and the importance of these concepts
  • Implement and test security on your applications that use RESTful web services with the most useful techniques and interpret the test results
  • Apply and configure secure protocols on your application
  • Implement, configure, and integrate other technologies such as OAuth or SSO with RESTful applications
  • Learn and assimilate security concepts at JEE application and container level
  • Understand digital signatures and message encryption through descriptive examples

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Jul 25, 2014
Length: 144 pages
Edition : 1st
Language : English
ISBN-13 : 9781783980109
Vendor :
Eclipse Foundation
Languages :
Concepts :
Tools :

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing

Product Details

Publication date : Jul 25, 2014
Length: 144 pages
Edition : 1st
Language : English
ISBN-13 : 9781783980109
Vendor :
Eclipse Foundation
Languages :
Concepts :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 85.97
RESTful Java Web Services, Second Edition
€36.99
JavaScript Security
€20.99
Restful Java Web Services Security
€27.99
Total 85.97 Stars icon

Table of Contents

6 Chapters
1. Setting Up the Environment Chevron down icon Chevron up icon
2. The Importance of Securing Web Services Chevron down icon Chevron up icon
3. Security Management with RESTEasy Chevron down icon Chevron up icon
4. RESTEasy Skeleton Key Chevron down icon Chevron up icon
5. Digital Signatures and Encryption of Messages Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.2
(6 Ratings)
5 star 16.7%
4 star 83.3%
3 star 0%
2 star 0%
1 star 0%
Filter icon Filter
Top Reviews

Filter reviews by




Romin K. Irani Jan 30, 2015
Full star icon Full star icon Full star icon Full star icon Full star icon 5
RESTful APIs have been the driving force over the last few years to enable a wide range of client applications (mobile or web). Given the world that we live today, securing these endpoints is critical due to the potential damage that the attacker could cause if the endpoints are not secured enough. Material on securing REST services on the web is few and far between.Packt Pub’s book is catered to address this important topic of security vis-a-vis RESTful Java Web Services. Here are the highlights of the book:The book begins by setting up the development environment and the basic sample application. It focuses on JBOSS and the RESTEasy implementation and the idea is to get your REST Service functional and running. This is a simple and effective approach in my opinion.The next chapter focuses on various security basics that include authentication, authorization and then Basic and Certificate based authentication. It provides an overview of API Keys for security too.The next 3 chapters are focused on RESTEasy and the mechanisms that it has for security your API Endpoints. The coverage includes use of Annotations and programmatic implementation of security. Other topics include OAuth, Digital Signatures and message body encryption.I particularly liked the methodical approach of covering different areas of security. Not all of these mechanisms will apply to your implementation and hence it is good to look at them separately. If you looking for a good overview of REST Security concepts and if JBOSS/RESTEasy are your tools of choice, this is a good book.
Amazon Verified review Amazon
Kindle Customer Feb 23, 2015
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
Over the last few weeks I have been heavily involved in migrating a SOAP based enterprise system to a REST architecture. As part of the migration, the security framework also needed to be overhauled. Being an enterprise system, there are many integration points with external parties and security is a prime concern.During this time, this book has been my "go to" book on security regarding RESTful services. As a reference on topics related to security and RESTful services this book is both comprehensive and pragmatic, a combination that saved me lots of time. This book is perfectly suited for someone that needs to get something up and running in a short period of time. It does not spend too much time on theory, instead it focusses on the practical steps you need to take to get something working. However, unlike a simple cookbook, it explains things in enough detail so that you understand why you are doing something rather than simply how to accomplish the task.The book uses an example based, practical approach to explain the concepts it covers. Even though I was implementing on the IBM (Apache Wink) stack and the book covers the RESTEasy implementation (JBoss) of JAX-RS, it was straightforward to take the examples presented and adapt it for my needs. Perhaps the code that comes with the book could be augmented to include examples demonstrating other implementations (I think Jersey and Restlet would be great for most developers).In the end, no other resource has covered the areas to provide comprehensive security in a RESTful architecture as completely and simply as this book and I would recommend this book to anyone working at securing RESTful endpoints.
Amazon Verified review Amazon
Richard Mar 27, 2015
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
Good book to get Hands on security.
Amazon Verified review Amazon
Meghna Kartha Nov 22, 2015
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
A well explained case study to get an introduction to security and restful webservices.
Amazon Verified review Amazon
Luca Morettoni Feb 13, 2015
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
The "security" need to be a must on every kind of application, but if we plan to expose our applications business logic with RESTful services we need to think two times about secure implementation on that layer.The book is a great introduction to the security of the RESTful system, drives the programmer to implement different layers of security, from the user authentication and authorization to the encryption and signature of the payload. It is also a good quick reference for every developer that need to implement OAuth and/or digital signature of the data.What I didn't liked on the book that is too much tight to RESTeasy implementation, I hope in the future editions to see also some references to the Jersey implementation!At the end is a good book and if you're working on RESTful Java project you need to read it!
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is included in a Packt subscription? Chevron down icon Chevron up icon

A subscription provides you with full access to view all Packt and licnesed content online, this includes exclusive access to Early Access titles. Depending on the tier chosen you can also earn credits and discounts to use for owning content

How can I cancel my subscription? Chevron down icon Chevron up icon

To cancel your subscription with us simply go to the account page - found in the top right of the page or at https://subscription.packtpub.com/my-account/subscription - From here you will see the ‘cancel subscription’ button in the grey box with your subscription information in.

What are credits? Chevron down icon Chevron up icon

Credits can be earned from reading 40 section of any title within the payment cycle - a month starting from the day of subscription payment. You also earn a Credit every month if you subscribe to our annual or 18 month plans. Credits can be used to buy books DRM free, the same way that you would pay for a book. Your credits can be found in the subscription homepage - subscription.packtpub.com - clicking on ‘the my’ library dropdown and selecting ‘credits’.

What happens if an Early Access Course is cancelled? Chevron down icon Chevron up icon

Projects are rarely cancelled, but sometimes it's unavoidable. If an Early Access course is cancelled or excessively delayed, you can exchange your purchase for another course. For further details, please contact us here.

Where can I send feedback about an Early Access title? Chevron down icon Chevron up icon

If you have any feedback about the product you're reading, or Early Access in general, then please fill out a contact form here and we'll make sure the feedback gets to the right team. 

Can I download the code files for Early Access titles? Chevron down icon Chevron up icon

We try to ensure that all books in Early Access have code available to use, download, and fork on GitHub. This helps us be more agile in the development of the book, and helps keep the often changing code base of new versions and new technologies as up to date as possible. Unfortunately, however, there will be rare cases when it is not possible for us to have downloadable code samples available until publication.

When we publish the book, the code files will also be available to download from the Packt website.

How accurate is the publication date? Chevron down icon Chevron up icon

The publication date is as accurate as we can be at any point in the project. Unfortunately, delays can happen. Often those delays are out of our control, such as changes to the technology code base or delays in the tech release. We do our best to give you an accurate estimate of the publication date at any given time, and as more chapters are delivered, the more accurate the delivery date will become.

How will I know when new chapters are ready? Chevron down icon Chevron up icon

We'll let you know every time there has been an update to a course that you've bought in Early Access. You'll get an email to let you know there has been a new chapter, or a change to a previous chapter. The new chapters are automatically added to your account, so you can also check back there any time you're ready and download or read them online.

I am a Packt subscriber, do I get Early Access? Chevron down icon Chevron up icon

Yes, all Early Access content is fully available through your subscription. You will need to have a paid for or active trial subscription in order to access all titles.

How is Early Access delivered? Chevron down icon Chevron up icon

Early Access is currently only available as a PDF or through our online reader. As we make changes or add new chapters, the files in your Packt account will be updated so you can download them again or view them online immediately.

How do I buy Early Access content? Chevron down icon Chevron up icon

Early Access is a way of us getting our content to you quicker, but the method of buying the Early Access course is still the same. Just find the course you want to buy, go through the check-out steps, and you’ll get a confirmation email from us with information and a link to the relevant Early Access courses.

What is Early Access? Chevron down icon Chevron up icon

Keeping up to date with the latest technology is difficult; new versions, new frameworks, new techniques. This feature gives you a head-start to our content, as it's being created. With Early Access you'll receive each chapter as it's written, and get regular updates throughout the product's development, as well as the final course as soon as it's ready.We created Early Access as a means of giving you the information you need, as soon as it's available. As we go through the process of developing a course, 99% of it can be ready but we can't publish until that last 1% falls in to place. Early Access helps to unlock the potential of our content early, to help you start your learning when you need it most. You not only get access to every chapter as it's delivered, edited, and updated, but you'll also get the finalized, DRM-free product to download in any format you want when it's published. As a member of Packt, you'll also be eligible for our exclusive offers, including a free course every day, and discounts on new and popular titles.