48 Getting Started Securing Web Applications

The ways to implement security for Java EE web applications are discussed in a general way in Securing Containers. This chapter provides more detail and a few examples that explore these security services as they relate to web components.

A web application is accessed using a web browser over a network, such as the Internet or a company's intranet. As discussed in Distributed Multitiered Applications, the Java EE platform uses a distributed multitiered application model, and web applications run in the web tier.

Web applications contain resources that can be accessed by many users. These resources often traverse unprotected, open networks, such as the Internet. In such an environment, a substantial number of web applications will require some type of security.

Securing applications and their clients in the business tier and the EIS tier is discussed in Chapter 49, "Getting Started Securing Enterprise Applications".

The following topics are addressed here:

• Overview of Web Application Security

• Securing Web Applications

• Using Programmatic Security with Web Applications

• Examples: Securing Web Applications