Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management

Index


SAAJ API

     for Web services

     in case study

     in Message Inspector pattern

Safeguards Rule

SAML (Security Assertion Markup Language) 2nd 3rd

     architecture 2nd

     assertions 2nd 3rd 4th

         attribute

         authentication 2nd

         authorization

     domain model

     for access control

     Identity management patterns

     in XACML 2nd 3rd

     J2EE-based applications and web services

     Java System Access Manager with

     migration in

     motivation

     Policy Administration Point

     Policy Enforcement Point

     profiles 2nd 3rd

     request-reply model

     SAML 1.0 2nd

     SAML 1.1

     SAML 2.0 2nd 3rd

     SSO in 2nd

     usage scenarios

         DOS attacks

         global logout

         man-in-the-middle attacks

         message replay and message modification

         third-party authentication and authorization

     XML signatures in

SAML Token profile

Sample code for security patterns

     Assertion Builder

     Audit Interceptor

     Authentication Enforcer

     Container Managed Security

     Credential Tokenizer pattern

     Dynamic Service Management

     Intercepting Web Agent

     Obfuscated Transfer Object

     Password Synchronizer

     Policy Delegate

     Secure Base Action

     Secure Logger

     Secure Pipe

     Secure Service Facade

     Secure Service Proxy

     Secure Session Object

     Single Sign-on Delegator

SampleAuthorizationEnforcer.java file

Sarbanes-Oxley Act (SOX)

     identity protection in 2nd

     in security provisioning patterns

SASL (Simple Authentication and Security Layer) API

     clients 2nd

     installing

     servers

SATAN (Security Administrator Tool for Analyzing Networks) tool

SBU (Sensitive But Unclassified) information

Scalability

     in security patterns

         Intercepting Web Agent

         Secure Message Router

         Secure Service Proxy

         security provisioning

         Single Sign-on Delegator

     J2EE network topology

         horizontal

         vertical

isCallerInRole method

Scanners

     fingerprint

     in biometrics

Scanning data protection. [See Intercepting Validator pattern]

Scope

     Liberty Alliance

     service provisioning

Screen display messages

Scripting, cross-site

seal method

Sealed objects

SealedObject class

Search operations in SPML

SearchRequest message

Secret data

Secret keys in assessment checklists

SecretKeyFactory class

Secure Association patterns

Secure Base Action pattern 2nd

     and Policy Delegate pattern

     consequences

     forces

     in case study 2nd 3rd 4th

     participants and responsibilities 2nd

     problem

     reality checks

     related patterns

     sample code

     security factors and risk

     solution

     strategies

     structure

Secure Communication patterns

Secure data logger strategy

Secure log store strategy

Secure Logger pattern 2nd

     consequences 2nd

     forces

     in case study 2nd 3rd

     participants and responsibilities

     problem

     reality check

     related patterns

         Message Inspector

         Secure Base Action

     sample code

     security factors and risks

     solution

     strategies

     structure

Secure Message Interceptor pattern

Secure Message Router pattern

     consequences

     forces

     in case study 2nd 3rd 4th

     participants and responsibilities

     problem

     reality check

     related patterns

         Message Interceptor Gateway

         Secure Service Proxy

     security factors and risks

     solution

     strategies

     structure

Secure Pipe pattern 2nd 3rd

     consequences

     forces

     in case study 2nd 3rd 4th

     in secure log store strategy 2nd

     participants and responsibilities

     problem

     reality check

     related patterns

         Authentication Enforcer

         Credential Tokenizer

         Dynamic Service Management

         Secure Logger

     sample code

     security factors and risks

     solution

     strategies

     structure

Secure Service Facade pattern 2nd 3rd

     consequences

     forces

     in case study

     participants and responsibilities 2nd

     problem

     reality check

     related patterns

     sample code

     security factors and risks

     solution

     strategies

     structure

Secure Service Proxy pattern

     consequences

     forces

     participants and responsibilities

     problem

     reality check

     related patterns

         Container Managed Security

         Intercepting Web Agent

         Secure Service Facade

     sample code

     security factors and risks

     solution

     strategies

     structure

Secure service proxy single service strategy

Secure Session Facade pattern 2nd

Secure Session Manager 2nd

Secure Session Object pattern

     consequences

     forces

     participants and responsibilities

     problem

     reality check

     related patterns

     sample code

     security factors and risks

     solution

     strategies

     structure

Secure Session pattern

Secure Socket Layer. [See SSL (Secure Socket Layer)]

Secure UP

     artifacts in

     risk analysis

     trade-off analysis

SecureBaseAction class

     Authentication Enforcer pattern

     Authorization Enforcer pattern 2nd

     Intercepting Validator pattern

     JAAS Login Module strategy

     with Apache Struts

SecureClassLoader class

SecureID

SecureRandom class

SecureServiceFacade class

SecureSessionFacadeSessionBean.java file

Security Administrator Tool for Analyzing Networks (SATAN) tool

Security Assertion Markup Language. [See SAML (Security Assertion Markup Language)]

Security by default 2nd

     application security

     business challenges

     compliance. [See Compliance]

     flaws and exploits

     four W's

     identity management

     Java technology

     justifications

     personal identification

     proactive and reactive

     references

     strategies

     summary

     weakest links

Security class

Security Context pattern

Security Event Logging pattern

Security factors in security patterns

     Assertion Builder

     Audit Interceptor

     Authentication Enforcer

     Authorization Enforcer

     Container Managed Security

     Credential Tokenizer

     Dynamic Service Management

     Intercepting Validator

     Intercepting Web Agent

     Message Inspector

     Message Interceptor Gateway

     Obfuscated Transfer Object

     Password Synchronizer

     Policy Delegate

     Secure Base Action

     Secure Logger

     Secure Message Router

     Secure Pipe

     Secure Service Facade

     Secure Service Proxy

     Secure Session Object

     Single Sign-on Delegator

Security levels in J2EE network topology

Security patterns

     application security assessment model

     applying

     Business tier 2nd

         Audit Interceptor

         best practices

         Container Managed Security

         Dynamic Service Management

         factor analysis

         Obfuscated Transfer Object

         overview 2nd

         pitfalls

         Policy Delegate

         references

         Secure Service Facade

         Secure Session Object

     classification

     existing

     factor analysis

     Identity management 2nd 3rd

         Assertion Builder

         best practices

         Credential Tokenizer pattern

         pitfalls

         references

         Single Sign-on Delegator pattern

     in case study 2nd

     in patterns-driven security design

     infrastructure and quality of services

     Integration tier

     labeling in

     policy design in

     references

     relationships

     security provisioning

         best practices and pitfalls

         Password Synchronizer

     threat profiling

     tier analysis

     trust model

     Web services 2nd

         best practices

         Message Inspector

         Message Interceptor Gateway

         pitfalls

         references

         Secure Message Router

     Web tier 2nd 3rd

         Authentication Enforcer

         Authorization Enforcer

         best practices

         Intercepting Validator

         Intercepting Web Agent

         references

         Secure Base Action

         Secure Logger

         Secure Pipe

         Secure Service Proxy

Security principles, references for

Security Provider patterns

Security provisioning

     references

     security patterns

         best practices and pitfalls

         Password Synchronizer

     summary

Security realms

     for smart cards

     J2EE 2nd

     JAAS

Security requirements and goals

     authentication

     authorization

     confidentiality

     integrity

     non-repudiation

Security Services

Security tokens. [See Tokens]

Security Wheel

     hub

     spokes

     wheel edge

SecurityException class

SecurityManager class

SecurityProtocolHandler class

SecurityToken class 2nd

Self-healing in Web services patterns

Sensitive But Unclassified (SBU) information

Sensitive information

     in case study

     Secure Logger pattern

     Secure Session Object pattern

     Web tier patterns

Separation of responsibility

Sequence diagrams

     identity provider agent strategy

     in security patterns 2nd

         Assertion Builder

         Audit Interceptor

         Authentication Enforcer

         Authorization Enforcer

         Container Managed Security

         Credential Tokenizer

         Dynamic Service Management

         Intercepting Validator 2nd

         Intercepting Web Agent

         Message Inspector

         Message Interceptor Gateway

         Obfuscated Transfer Object

         Password Synchronizer

         Policy Delegate

         Secure Base Action

         Secure Logger

         Secure Message Router

         Secure Pipe

         Secure Service Facade

         Secure Service Proxy

         Secure Session Object

         Single Sign-on Delegator

     JAAS Login Module strategy

Sequence numbers for deletion detection 2nd

Server Gated Cryptography (SGC)

Server mutual authentication

Server-side communication

Server-side SSL example

Server-to-server connections

     in case study

     in use cases

     Web tier patterns

ServerHello messages

Servers

     DMZ

     for biometrics

     for smart cards

     in provisioning 2nd

     in use cases

     Password Synchronizer pattern

     SASL

     Secure Pipe pattern

     sizing

Service Locator pattern

     and Secure Service Facade pattern

     and Single Sign-on Delegator pattern

Service provider interfaces (SPIs)

     in Credential Tokenizer patterns

     in PAMs

Service providers

     for Web services

     in Liberty specifications 2nd

     Single Sign-on Delegator pattern 2nd

Service provisioning

     business challenges

     identity management relationship

     in Security Services

     scope

     security patterns for 2nd

     user account. [See User account provisioning]

Service Provisioning Markup Language (SPML) 2nd 3rd

     features

     implementation

     operations

Service registry

Service requesters 2nd 3rd

Service-level agreements (SLAs) 2nd

Service-Oriented Architecture (SOA) 2nd 3rd

ServiceConfig class 2nd

ServiceConfigContext class

ServiceEndpoint class

     Message Inspector pattern

     Message Interceptor Gateway pattern

     Secure Message Router pattern

serviceLocator method

ServiceLocator service

ServiceManager class 2nd

ServiceProvider class 2nd

Services

     aggregation of

     as weakest links

     continuity and recovery

         in use cases

         in Web services

         strategies

     directory 2nd

     in case study

         catalog

         order fulfillment

         order management

         user login

     penetration tests

     Web. [See Web services tier]

Servlets

Session Authority entity

Session Facade pattern

     and Secure Service Facade pattern

     and Secure Session Object pattern

Session facade strategy

Session pattern

Sessions

     MIDlet

     states

         Liberty Alliance

         SSL

     theft

         Single Sign-on Delegator pattern

         Web services

     timeouts in

     tracking

         cookies and URL rewriting in

         Web tier patterns

     weak identifiers

setActionList method

setAssertionType method 2nd

setAuthenticationMethod method 2nd

setComponentsConfig method

setConfigProperties method

setConfRef method

setData method

setLoginContext method

setMaxInactiveInterval method

setMessageDrivenContext method

setProtocolBinding method

     AssertionContextImpl

     PasswordSyncRequest

     SSOContextImpl

setRegistryFileName method

setSecureTransferObject method

setSecurityManager method

setServiceName method

setSessionInfo method 2nd

setSSOTokenMap method

setStatus method

setTokenType method

Setup IDS

setupDefaultUserProfile method

SGC (Server Gated Cryptography)

SHA-1 cryptography

     for JCA message digests

     in Cryptographic Service Providers

SHA1 encryption

SHA256 encryption

SHA512 encryption

sign method

     Signature

     Signer

Sign-ons

     EIS tier

     multiple 2nd

     single. [See Single sign-on (SSO) mechanisms]

Signature class

     JCA

     Secure Logger pattern

Signatures

     Assertion Builder pattern

     for JAD files

     in Java System Access Manager

     JCA

     verification 2nd

     Web services patterns

     WS-Security 2nd

     XML. [See XML (Extensible Markup Language)]

Signed applets

Signed MIDlets

Signed security tokens

Signer class

Signing jar files

     in Web tier patterns

     jarsigner for

Simple Authentication and Security Layer (SASL)

     clients 2nd

     installing

     servers

Simple Object Access Protocol. [See SOAP (Simple Object Access Protocol) and SOAP messages]

SimpleFormAction class

Single Access Point patterns

Single Logout Profile

Single Loss Expectancy (SLE)

Single service secure service proxy strategy

Single sign-on (SSO) mechanisms 2nd 3rd

     Assertion Builder pattern

     biometrics

     Credential Tokenizer patterns

     cross-domain 2nd

     federated

     identity management

     in case study

     in use cases

     J2EE authentication

     JAAS authorization

     JGSS

     Liberty Alliance 2nd 3rd 4th

     Password Synchronizer pattern

     SAML in

     through portals

     user account provisioning 2nd

     Web services

Single Sign-on Delegator pattern 2nd 3rd

     consequences

     forces

     participants and responsibilities

     problem

     reality check

     related patterns

         Assertion Builder

         Password Synchronizer

     sample code

     security factors and risks

     solution

     strategies

     structure

SLAs (service-level agreements) 2nd

SLE (Single Loss Expectancy)

Smart cards 2nd 3rd

     architecture and implementation model

     as Java key stores

     best practices

     components

     for physical access control

     in Java security

     in JCE

     in multi-factor authentication

     Java Card technology

     logical architecture

     operational model

snoop method

SOA (Service-Oriented Architecture) 2nd 3rd

SOAP (Simple Object Access Protocol) and SOAP messages

     in security patterns 2nd

         Message Inspector 2nd 3rd

         Password Synchronizer

         Secure Message Router

         Secure Service Proxy

     SAML

     SPML

     WS-Policy

     WS-Security 2nd

Socket factories

SocketFactory class

Solution in security patterns

     Assertion Builder

     Audit Interceptor

     Authentication Enforcer

     Authorization Enforcer

     Container Managed Security

     Credential Tokenizer

     Dynamic Service Management

     Intercepting Validator

     Intercepting Web Agent

     Message Inspector

     Message Interceptor Gateway

     Obfuscated Transfer Object

     Password Synchronizer

     Policy Delegate

     Secure Base Action

     Secure Logger

     Secure Message Router

     Secure Pipe

     Secure Service Facade

     Secure Service Proxy

     Secure Session Object

     Single Sign-on Delegator

SOP (Standard Operating Procedure) documents

Source code scanners

SourceBaseAction class

SourceSite class 2nd

SOX (Sarbanes-Oxley Act)

     identity protection in 2nd

     in security provisioning patterns

SPIs (service provider interfaces)

     in Credential Tokenizer patterns

     in PAMs

SPKI

SPML (Service Provisioning Markup Language) 2nd 3rd

     features

     implementation

     operations

Spokes in Security Wheel

Spoofing

     and client-side validations

     in Web services

SQL

     embedded commands

     injection vulnerability

SQLValidator

SSL (Secure Socket Layer)

     accelerators 2nd

     for RMI socket factories

     in case study

     issues

     J2EE 2nd 3rd

     JSSE

         for secure socket connections

         HTTP over SSL

     role of

     vs. TLS

     Web services 2nd

     Web-server-based

     WS-Security

     XML encryption

SSL_NULL_WITH_NULL_NULL

SSLEngine class

SSLxxx classes

SSO. [See Single sign-on (SSO) mechanisms]

SSOContext class 2nd

SSOContextImpl class

SSODelegator class 2nd 3rd

SSODelegatorException class

SSODelegatorFactory class 2nd 3rd

SSOServiceProvider class 2nd

Standard Operating Procedure (SOP) documents

Standards

     Authentication Enforcer pattern

     smart cards

     Web services 2nd 3rd

start method

     PasswordSyncLedger

     PasswordSyncRequest

State maintenance in Liberty Alliance sessions

Stateful firewalls

Stateful transactions

Stateless transactions

Stateless/stateful Policy Delegate

Static conformance requirements

Static mappings

Stolen smart cards

Storage, insecure

Strategies in security patterns 2nd

     Assertion Builder

     Audit Interceptor

     Authentication Enforcer

     Authorization Enforcer

     Container Managed Security

     Credential Tokenizer

     Dynamic Service Management

     Intercepting Validator

     Intercepting Web Agent

     Message Inspector

     Message Interceptor Gateway

     Obfuscated Transfer Object

     Password Synchronizer

     Policy Delegate

     Secure Base Action

     Secure Logger

     Secure Message Router

     Secure Pipe

     Secure Service Facade

     Secure Service Proxy

     Secure Session Object

     Single Sign-on Delegator

Stream ciphers

Stress testing

String encryption

Strong cryptography

Structural transformations

Structure in security patterns

     Assertion Builder

     Audit Interceptor

     Authentication Enforcer

     Authorization Enforcer

     Container Managed Security

     Credential Tokenizer

     Dynamic Service Management

     Intercepting Validator

     Intercepting Web Agent

     Message Inspector

     Message Interceptor Gateway

     Obfuscated Transfer Object

     Password Synchronizer

     Policy Delegate

     Secure Base Action

     Secure Logger

     Secure Message Router

     Secure Pipe

     Secure Service Facade

     Secure Service Proxy

     Secure Session Object

     Single Sign-on Delegator

Subject class

     Authentication Enforcer pattern

     Authorization Enforcer pattern

     JAAS authorization 2nd

Subject Descriptor pattern

Subjects in JAAS

     authorization 2nd

     Login Module strategy

Sufficient flag

Summaries of security factors

SunJCE provider

SunJSSE provider

SunPKCS11 provider

Super encryption

Support strategy in security provisioning patterns

Symmetric ciphers

Symmetric keys

     Obfuscated Transfer Object pattern

     Secure Logger pattern

     XML

Synchronization

     identity management

     passwords

         Password Synchronizer pattern. [See Password Synchronizer pattern]

         user account provisioning 2nd

System constraints

System Entry Point

System environment in use cases
