Tuesday, September 21, 2010

JavaOne 2010 Presentation: Application Security Enhancements in Java EE 6

I spoke at the JavaOne 2010 conference yesterday on the topic of Application Security Enhancements in Java EE 6.

Java EE 6, released earlier this year, includes several significant enhancements, especially in the areas of annotation-based authentication and authorization in the web tier. So, if you are developing lightweight web applications where you don't want to use EJB components for the application security requirements, you now have the choice of implementing the authentication (declaratively or programmatically) and authorization aspects in the Controller classes (Servlets).

Session abstract:
Java EE 6 includes some interesting security enhancements in the areas of Web container security as well as authentication and authorization aspects in Web application development. This session will give an overview of these new security features and discuss the details of how to use them, with the help of a sample Java application, in real-world enterprise Java applications. The discussion will include how developers can take advantage of programmatic and declarative (@ServletSecurity, @DeclareRoles) security features. It will also include a discussion on Java EE security technologies such as Java Authentication Service Provider Interface for Containers (JSR 196) and Java Authorization Contract for Containers (JSR 115).

I did a couple of demos on how to use the new security features. This is my first time attending the JavaOne conference as a speaker and it's been a great experience so far.

I also wrote on the InfoQ website about the new security features provided by the Java EE 6 release.

If you have been using other security frameworks like Spring Security, Java EE 6 is definitely something you should look at. While there are some differences in what the Spring Security 3 framework offers in terms of role-based access, EL-based authorization, etc., the new web-tier security features in Java EE 6 make it easier to implement the security aspects without coupling the security logic with application or business logic.
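
As an illustration of the web-tier features described above (an example added here, not code from the JavaOne session or the InfoQ article), the servlet below combines declarative constraints with a programmatic role check. The class name, URL pattern and role names are assumptions, and the roles must be mapped to users in the container's security realm.

```java
import java.io.IOException;
import javax.annotation.security.DeclareRoles;
import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.HttpMethodConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: the URL pattern and role names are illustrative assumptions.
@WebServlet("/accounts")
@DeclareRoles({"customer", "manager"})
@ServletSecurity(
    // Default for every HTTP method: authenticated customer or manager, TLS only.
    value = @HttpConstraint(rolesAllowed = {"customer", "manager"},
                            transportGuarantee = TransportGuarantee.CONFIDENTIAL),
    // Tighter rule for POST: managers only.
    httpMethodConstraints = @HttpMethodConstraint(value = "POST",
                            rolesAllowed = "manager",
                            transportGuarantee = TransportGuarantee.CONFIDENTIAL))
public class AccountServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // The container enforced the constraint before this method was called,
        // so an authenticated principal is always present here.
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println("Signed in as " + req.getUserPrincipal().getName());
        // Programmatic check for a decision finer than the URL-level rule.
        if (req.isUserInRole("manager")) {
            resp.getWriter().println("Manager view: all accounts");
        } else {
            resp.getWriter().println("Customer view: own accounts only");
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Reached only by callers in the "manager" role; the privileged
        // update itself is outside the scope of this example.
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}
```

The annotations replace the `<security-constraint>` entries in web.xml; the authentication mechanism (for example FORM or BASIC) and the realm are still configured in the deployment descriptor and the container.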

4 comments:

tenax_technologies said...

Java Platform, Enterprise Edition (Java EE) is the industry-standard platform for building enterprise-class applications coded in the Java programming language. Based on the solid foundation of Java Platform, Standard Edition (Java SE), Java EE adds libraries and system services that support the scalability, accessibility, security, integrity, and other requirements of enterprise-class applications. java software company

Hazel said...

I'm so glad to know that application security in Java EE 6 has been enhanced. For sure, it is a big contribution for security in web development. Toronto, our hometown, has a lot of business establishments, so I guess this upgrade will help them a lot. It is also easy to find a good web designer (Toronto-based).

webdesignstore said...

This is very useful for me and this is my first time I visit here. I found so many interesting stuff in your blog, especially its discussion.
Thanks for sharing this beautiful information.
Haily

Stacey said...
This comment has been removed by the author.