• Home

  • Documents

  • Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand...
39
Enterprise Java v131111 Java EE Security 1 Java EE Security

Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

Embed Size (px)

Citation preview

Page 1: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 1

Java EESecurity

Page 2: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 2

Goals

• Understand the basic concepts behind Java EE Security• Be able to define an access control policy for our

applications– EJB Tier– Web Tier

• Be able to define and use an authentication provider

Page 3: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 3

Objectives• Java EE Access Control Points• EJB Access Control• JNDI Login• Web Tier Access Control• Run-As

Page 4: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 4

Java EE Access Control Points

Security Infrastructure (Application Server *may* Use JAAS)

Web Tier(Servlets and JSPs)

* HTTP Basic* HTTPS Client* Form Based

EJB Tier(Session Beans)

EJB Security

Local, RMI/IIOP

RMI/IIOP

App Client

* new InitialContext(props)* JAAS

Resource

Browser

HTTP Clients

HTTP/HTTPS

Page 5: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 5

EJB Security

Page 6: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 6

EJB Access Control: Annotations @PermitAll public String pingAll() { return getInfo("pingAll"); }

@RolesAllowed({"user"}) public String pingUser() { return getInfo("pingUser"); }

@RolesAllowed({"admin"}) public String pingAdmin() { return getInfo("pingAdmin"); }

@DenyAll public String pingExcluded() { return getInfo("pingExcluded"); }

Page 7: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 7

EJB Access Control: ejb-jar.xml <assembly-descriptor> <method-permission> <unchecked/> <method> <ejb-name>SecurePingEJB</ejb-name> <method-name>pingAll</method-name> </method> </method-permission> <method-permission> <role-name>admin</role-name>... <method-name>pingAdmin</method-name> </method> </method-permission> <method-permission> <excluded/>... <method-name>pingExcluded</method-name> </method> </method-permission> </assembly-descriptor>

Page 8: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 8

Programmatic Security• Permits access control down to object level@PermitAllpublic void internalCheck() { if (ctx.isCallerInRole(“internalRole”)) { ... }}

• ejb-jar.xml – map internal role-name to security-role<enterprise-beans> <session> <ejb-name>SecurePingEJB</ejb-name> <security-role-ref> <description>role-name checked within EJB </description> <role-name>internalRole</role-name> <role-link>admin</role-link> </security-role-ref> </session></enterprise-beans> <assembly-descriptor> <security-role> <role-name>admin</role-name> </security-role></assembly-descriptor>

Page 9: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 9

JBoss Server Setup: standalone.xml<security-domain name="other" cache-type="default"> <authentication>     <login-module code="Remoting" flag="optional">         <module-option name="password-stacking" value="useFirstPass"/>        </login-module>

        <login-module code="RealmUsersRoles" flag="required">         <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>            <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>            <module-option name="realm" value="ApplicationRealm"/>            <module-option name="password-stacking" value="useFirstPass"/>        </login-module>

</authentication></security-domain>

Page 10: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 10

EJB Setup: META-INF/jboss-ejb3.xml<?xml version="1.0"?><jboss:ejb-jar xmlns:jboss="http://www.jboss.com/xml/ns/javaee" xmlns:sec="urn:security" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-2_0.xsd http://java.sun.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-spec-2_0.xsd urn:security urn:security" version="3.1" impl-version="2.0">

    <assembly-descriptor>        <sec:security>            <ejb-name>*</ejb-name>            <sec:security-domain>other</sec:security-domain>        </sec:security>    </assembly-descriptor> </jboss:ejb-jar>

Page 11: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 11

JBoss Server Setup: UserRolesLoginModule> cat standalone/configuration/application-users.propertiesknown=3745b3f6973383c9c11810c7b200b1f4user1=2dc3eacfed8cf95a4a31159167b936fcadmin1=2ae76a0e3f0b615a6229c880555273b5publisher1=339f01ebd721959a38efe71b27cb9e0fsubscriber1=a74cfc25bf9656748f8c739e85c458edrequestor1=46f7f1aa4b38e1ea1ac9e638453fcf4aworker1=b7c10ea4277ca245d50b85707728ddf3

> cat standalone/configuration/application-roles.propertiesuser1=useradmin1=user,adminpublisher1=publishersubscriber1=subscriberrequestor1=requestorworker1=worker

Page 12: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJavaAlternate Modules

<application-policy name = "ejavaDomain"> <authentication> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="sufficient"> <!-- first provide a quick back door --> <module-option name="unauthenticatedIdentity">anonymous </module-option> </login-module> <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"> <!-- now delegate realistic DB module --> <module-option name = "unauthenticatedIdentity">anonymous </module-option> <module-option name = "dsJndiName">java:/ejavaDS</module-option> <module-option name = "principalsQuery"> SELECT PASSWD FROM EJAVA_Users WHERE USERID=?</module-option> <module-option name = "rolesQuery"> SELECT Role, 'Roles' FROM EJAVA_UserRoles WHERE USERID=? </module-option> </login-module> </authentication></application-policy>

v131111 Java EE Security 12

Page 13: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 13

JBoss Server Setup: DatabaseServerLoginModule• securePing_create.ddl

CREATE TABLE EJAVA_Users( userId VARCHAR(32) PRIMARY KEY, passwd VARCHAR(64))CREATE TABLE EJAVA_UserRoles( userId VARCHAR(32), Role VARCHAR(32))

• securePing_populate.ddlinsert into EJAVA_Users values('admin3', 'password')insert into EJAVA_UserRoles values('admin3', 'admin')insert into EJAVA_UserRoles values('admin3', 'user')

insert into EJAVA_Users values('user4', 'password')insert into EJAVA_UserRoles values('user4', 'user')

Page 14: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 14

Client AuthenticationJNDI Login

Page 15: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJavajndi.properties (JBoss Remoting)

$ cat src/test/resources/jndi.properties java.naming.factory.initial=${jboss.remoting.java.naming.factory.initial}java.naming.factory.url.pkgs=${jboss.remoting.java.naming.factory.url.pkgs}java.naming.provider.url=${jboss.remoting.java.naming.provider.url}#java.naming.security.principal=${jboss.remoting.java.naming.security.principal}#java.naming.security.credentials=${jboss.remoting.java.naming.security.credentials}jboss.naming.client.ejb.context=true

$ cat target/test-classes/jndi.properties java.naming.factory.initial=org.jboss.naming.remote.client.InitialContextFactoryjava.naming.factory.url.pkgs=java.naming.provider.url=remote://127.0.0.1:4447#java.naming.security.principal=known#java.naming.security.credentials=passwordjboss.naming.client.ejb.context=true

v131111 Java EE Security 15

Page 16: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJavaInitialContext

private Context runAs(String username, String password) throws NamingException {

        Properties env = new Properties();

        if (username != null) {env.put(Context.SECURITY_PRINCIPAL, username);env.put(Context.SECURITY_CREDENTIALS, password);

        }        return new InitialContext(env);

v131111 Java EE Security 16

Page 17: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJavaAuthentication

Context jndi = null;try {

jndi = runAs(adminUser, adminPassword);         SecurePing ejb=(SecurePing)jndi.lookup(jndiName);         String result=ejb.pingAll();         log.info(result);}catch (Exception ex) {        fail("error calling pingAll:" +ex);} finally {

if (jndi != null) { jndi.close(); jndi=null; }}

v131111 Java EE Security 17

Page 18: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 18

Client/EJB Test Drive: EJB Code@RolesAllowed({"admin"})public String pingAdmin() { return getInfo("pingAdmin");}

private String getInfo(String prefix) { StringBuilder text = new StringBuilder(); text.append("called " + prefix); try { text.append(", principal="+ ctx.getCallerPrincipal().getName()); text.append(", isUser=" + ctx.isCallerInRole("user")); text.append(", isAdmin=" + ctx.isCallerInRole("admin")); text.append(", isInternalRole=" + ctx.isCallerInRole("internalRole")); } catch (Throwable ex) { text.append(", error calling Session Context:" + ex); } String result = text.toString(); return result; }

Page 19: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 19

Client/EJB Test Drive: Anonymous Clienttry { jndi=runAs(null, null); SecurePing ejb=(SecurePing)jndi.lookup(jndiName); log.info(ejb.pingAdmin()); fail("didn't detect anonymous user");} catch (NamingException ex) { log.info("expected exception thrown:" + ex);} catch (Exception ex) { fail("unexpected exception type:" + ex);} finally { if (jndi != null) { jndi.close(); jndi=null; }}

-expected exception thrown:javax.naming.NamingException: Failed to create remoting connection [Root exception is java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed]

Page 20: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 20

Client/EJB Test Drive: Known Client try { jndi=runAs(knownUser, knownPassword); SecurePing ejb=(SecurePing)jndi.lookup(jndiName); log.info(ejb.pingAdmin()); fail("didn't detect known, but non-admin user");} catch (EJBAccessException ex) { log.info("expected exception thrown:" + ex);} catch (Exception ex) { fail("unexpected exception type:" + ex);} finally { if (jndi != null) { jndi.close(); jndi=null; }}

-expected exception thrown:javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public abstract java.lang.String ejava.examples.secureping.ejb.SecurePing.pingAdmin() of bean: SecurePingEJB is not allowed

Page 21: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 21

Client/EJB Test Drive: User Client try { jndi = runAs(userUser, userPassword); SecurePing ejb=(SecurePing)jndi.lookup(jndiName); log.info(ejb.pingAdmin()); fail("didn't detect non-admin user");} catch (EJBAccessException ex) { log.info("expected exception thrown:" + ex);} catch (Exception ex) { fail("unexpected exception type:" + ex);} finally { if (jndi != null) { jndi.close(); jndi=null; }}

-expected exception thrown:javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public abstract java.lang.String ejava.examples.secureping.ejb.SecurePing.pingAdmin() of bean: SecurePingEJB is not allowed

Page 22: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 22

Client/EJB Test Drive: Admin Clienttry { jndi = runAs(adminUser, adminPassword); SecurePing ejb=(SecurePing)jndi.lookup(jndiName); log.info(ejb.pingAdmin());} catch (Exception ex) { log.info("error calling pingAdmin:" + ex, ex); fail("error calling pingAdmin:" +ex);} finally { if (jndi != null) { jndi.close(); jndi=null; }}

-called pingAdmin, principal=admin1, isUser=true, isAdmin=true, isInternalRole=true

Page 23: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 23

Web Tier Access Control

Page 24: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 24

Web Tier Access Control

• HTTP Basic Authentication– supported by HTTP protocol– based on username/password

• browser collects information from client• authenticates user into a realm

– not secure; passwords sent simple base64 encoding– target server not authenticated– short-comings overcome by layering over TLS (HTTPS)

• HTTPS Client Authentication– based on public key/private key

• Form Based Authentication– permits the use of JSP/HTML forms to gather user info

Page 25: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 25

web.xml: admin/* security constraint<security-constraint> <web-resource-collection> <web-resource-name>admin-only</web-resource-name> <url-pattern>/model/admin/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint></security-constraint><login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/WEB-INF/content/Login.jsp </form-login-page> <form-error-page>/WEB-INF/content/Login.jsp </form-error-page> </form-login-config></login-config>

Page 26: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 26

web.xml: servlet mapping<servlet> <servlet-name>Handler</servlet-name> <servlet-class> ejava.examples.secureping.web.SecurePingHandlerServlet </servlet-class></servlet> <servlet-mapping> <servlet-name>Handler</servlet-name> <url-pattern>/model/admin/handler</url-pattern></servlet-mapping><servlet-mapping> <servlet-name>Handler</servlet-name> <url-pattern>/model/user/handler</url-pattern></servlet-mapping><servlet-mapping> <servlet-name>Handler</servlet-name> <url-pattern>/model/handler</url-pattern></servlet-mapping>

Page 27: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 27

WEB-INF/jboss-web.xml: security-domain<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.4//EN“ "http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">

<jboss-web>      <security-domain>other</security-domain> </jboss-web>

Page 28: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 28

FORM Login.jsp/html<html> <body> <h1>Login Required</h1>

<form action="j_security_check" method="POST"> User Name: <input type="text" size="20" name="j_username"><p/> Password: <input type="password" size="10" name="j_password"><p/> <input type="submit" value="Login"></form>

</body><html>

Page 29: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 29

FORM Based Authenticationtransport-guarantee=CONFIDENTIAL

Page 30: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 30

Web Authentication Context Passed to EJB

Page 31: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 31

web.xml: user/* security constraint<security-constraint> <web-resource-collection> <web-resource-name>user-access</web-resource-name> <url-pattern>/model/user/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>user</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint></security-constraint>

<login-config> <auth-method>BASIC</auth-method></login-config>

Page 32: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 32

BASIC Authentication

Page 33: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 33

Web Subject not Authorized by EJB Tier

Page 34: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 34

run-as

• caller-identity– default– uses caller Principal and roles

• role-name– uses a named role– allows methods to be invoked on behalf of a user

Page 35: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 35

run-as:ejb-jar.xml<session> <ejb-name>SecurePingClientEJB</ejb-name> <ejb-ref> <ejb-ref-name>ejb/SecurePingEJB</ejb-ref-name> <ejb-ref-type>Session</ejb-ref-type> <remote>ejava.examples.secureping.ejb.SecurePingEJB</remote> <injection-target> <injection-target-class> ejava.examples.secureping.ejb.SecurePingClientEJB </injection-target-class> <injection-target-name> securePingServer </injection-target-name> </injection-target> </ejb-ref> <security-identity> <run-as> <role-name>admin</role-name> </run-as> </security-identity></session>

Page 36: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 36

run-as:META-INF/jboss-ejb3.xml<?xml version="1.0"?> <jboss:ejb-jar xmlns:jboss="http://www.jboss.com/xml/ns/javaee" xmlns:sec="urn:security" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-2_0.xsd http://java.sun.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-spec-2_0.xsd urn:security urn:security" version="3.1" impl-version="2.0">…

<assembly-descriptor> <sec:security> <ejb-name>*</ejb-name> <sec:security-domain>other</sec:security-domain> <sec:run-as-principal>admin1</sec:run-as-principal> </sec:security> </assembly-descriptor>

</jboss:ejb-jar>

Page 37: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 37

run-as: thread output

• run-as is allowing all users call pingAdmin method• real principal name supplied by ctx.getPrincipal() by

both EJBs

-*** testPingAdmin *** -securePingClient called pingAll, principal=known, isUser=false, isAdmin=false, isInternalRole=false:securePing=called pingAll, principal=admin1, isUser=false, isAdmin=true, isInternalRole=true

-securePingClient called pingAll, principal=user1, isUser=true, isAdmin=false, isInternalRole=false:securePing=called pingAll, principal=admin1, isUser=false, isAdmin=true, isInternalRole=true

-securePingClient called pingAll, principal=admin1, isUser=true, isAdmin=true, isInternalRole=false:securePing=called pingAll, principal=admin1, isUser=false, isAdmin=true, isInternalRole=true

Page 38: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 38

Summary• Java EE

– requires provider to provider authentication– defines access control specifications for components

• Java EE does not– dictate the authentication mechanisms used– dictate the access control mechanisms used

• EJB Access Control– class/method level

• JNDI Login• JBoss Login Modules• Web Tier Access Control• run-as

Page 39: Enterprise Java v131111Java EE Security1. Enterprise Java v131111Java EE Security2 Goals Understand the basic concepts behind Java EE Security Be able

EnterpriseJava

v131111 Java EE Security 39

References

• “Enterprise JavaBeans 3.0, 5th Edition”; Burke & Monsen-Haefel; ISBN 0-596-00978-X; O'Reilly

• Sun Developer Network (SDN), JAAS Reference Documentation http://java.sun.com/products/jaas/reference/docs/index.html

• Java EE 5 Specification http://jcp.org/aboutJava/communityprocess/final/jsr244/index.html


Java ee introduction

Java ee introduction

Technology
Java SE 8 for Java EE developers

Java SE 8 for Java EE developers

Education
Java EE Microservices

Java EE Microservices

Software
THEFT-PROOF JAVA EE - SECURING YOUR JAVA EE APPLICATIONS

THEFT-PROOF JAVA EE - SECURING YOUR JAVA EE APPLICATIONS

Technology
Java EE Patterns Dan Bugariu. What is Java EE ? What is a Pattern ?

Java EE Patterns Dan Bugariu. What is Java EE ? What is a Pattern ?

Documents
Java EE 7: Developing for the Cloud Arun Gupta, Java EE & GlassFish Guy

Java EE 7: Developing for the Cloud Arun Gupta, Java EE & GlassFish Guy

Documents
Table of Contents · Introduction: Java EE, Jakarta EE and Microprofile The Java Enterprise Edition (Java EE) is a superset of Java Standard Edition (Java SE) that dictates the basic

Table of Contents · Introduction: Java EE, Jakarta EE and Microprofile The Java Enterprise Edition (Java EE) is a superset of Java Standard Edition (Java SE) that dictates the basic

Documents
JAVA EE Productiv JAVA EE Productivity Report 2011

JAVA EE Productiv JAVA EE Productivity Report 2011

Documents
Java EE 6 Update - JUG EE is pushed to greatly simplify the Java EE programming model…» Spring vs. Java EE and why I ... Java EE Spring EJB ... CDI Java SE Bootstrap and JPA

Java EE 6 Update - JUG EE is pushed to greatly simplify the Java EE programming model…» Spring vs. Java EE and why I ... Java EE Spring EJB ... CDI Java SE Bootstrap and JPA

Documents
Basic Java EE Book

Basic Java EE Book

Documents
Java EE | Java EE 7: Developing for the Cloud | Arun Gupta

Java EE | Java EE 7: Developing for the Cloud | Arun Gupta

Technology
Java Ee Foundations

Java Ee Foundations

Documents
J2EE vs Java EE - IndicThreads – Software Developer · PDF fileJ2EE vs Java EE Sanjeeb Sahoo Staff ... Single persistence API for Java EE and Java SE ... Java EE 5 – 7 classes,

J2EE vs Java EE - IndicThreads – Software Developer · PDF fileJ2EE vs Java EE Sanjeeb Sahoo Staff ... Single persistence API for Java EE and Java SE ... Java EE 5 – 7 classes,

Documents
Websphere WS Security2

Websphere WS Security2

Documents
Java EE Operator's Guide (Java EE 6 Edition)Java EE Operator's Guide (Java EE 6 Edition) Preface Purpose of this Document This document introduces the environment builds and application

Java EE Operator's Guide (Java EE 6 Edition)Java EE Operator's Guide (Java EE 6 Edition) Preface Purpose of this Document This document introduces the environment builds and application

Documents
Java EE 6 Detail

Java EE 6 Detail

Technology
Java and Java EE Technologies

Java and Java EE Technologies

Documents
Java EE Security

Java EE Security

Documents
Manual Java EE

Manual Java EE

Documents
Information Security2

Information Security2

Documents
Java EE and EJBs - UPapm/TDIN/docs/09ejbs.pdf · Java EE and EJBs Distributed Components in Java APM@FEUP. JavaEE and EJBs 2 General architecture of Java EE Java EE –Framework for

Java EE and EJBs - UPapm/TDIN/docs/09ejbs.pdf · Java EE and EJBs Distributed Components in Java APM@FEUP. JavaEE and EJBs 2 General architecture of Java EE Java EE –Framework for

Documents
Java EE Class

Java EE Class

Software
Java Summit Chennai: Java EE 7

Java Summit Chennai: Java EE 7

Technology
Enterprise Architectures - cvut.czJPA (EclipseLink)(2 Java EE stack) Websockets(2 Java EE stack) Servlets(2 Java EE stack) Spring(provides similar functionality as Enterprise Java

Enterprise Architectures - cvut.czJPA (EclipseLink)(2 Java EE stack) Websockets(2 Java EE stack) Servlets(2 Java EE stack) Spring(provides similar functionality as Enterprise Java

Documents
What is tackled in the Java EE Security API (Java EE 8)

What is tackled in the Java EE Security API (Java EE 8)

Technology
Java EE Behave!!!!

Java EE Behave!!!!

Technology
Database security2 adebiaye

Database security2 adebiaye

Technology
Java Ee Bank

Java Ee Bank

Documents
JAVA EE Productiv JAVA EE Productivity Report - ZeroTurnaround

JAVA EE Productiv JAVA EE Productivity Report - ZeroTurnaround

Documents
Java EE Training

Java EE Training

Documents