RESTful Java Web Services Security

Language: English

Pages: 144

ISBN: 1783980109

Format: PDF / Kindle (mobi) / ePub


Secure your RESTful applications against common vulnerabilities

About This Book

  • Learn how to use, configure, and set up tools for applications that use RESTful web services, to prevent misuse of resources
  • Get to know and fix the most common vulnerabilities of RESTful web service APIs
  • A step-by-step guide showing the importance of securing a RESTful web service, with simple examples applied to real-world scenarios

Who This Book Is For

This book is intended for web application developers who use RESTful web services to power their websites. Prior knowledge of REST is not mandatory, but is advisable.

What You Will Learn

  • Set up, implement, and personalize your development and test environment
  • Learn, understand, and assimilate concepts inherent to security management on RESTful applications and the importance of these concepts
  • Implement and test security on your applications that use RESTful web services with the most useful techniques and interpret the test results
  • Apply and configure secure protocols on your application
  • Implement, configure, and integrate other technologies such as OAuth or SSO with RESTful applications
  • Learn and assimilate security concepts at JEE application and container level
  • Understand digital signatures and message encryption through descriptive examples

In Detail

This book will serve as a practical companion for learning about common vulnerabilities when using RESTful services, and will provide you with indispensable knowledge of the tools you can use to implement and test security on your applications. It covers the fine details of setting up RESTful services, such as implementing RESTEasy, and of securing transmission protocols, such as the OAuth protocol and its integration with RESTEasy. Furthermore, it explains the implementation of digital signatures and the integration of the Doseta framework with RESTEasy.

With this book, you will be able to design your own security implementation or use a protocol to grant permissions over your RESTful applications with OAuth. You will also gain knowledge about the working of other features such as configuring and verifying HTTP and HTTPS protocols, certificates, and securing protocols for data transmission. By the end of this book, you will have comprehensive knowledge that will help you to detect and solve vulnerabilities.

Of code:

```java
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;

private static KeyStore loadKeyStore(String filename, String password) throws Exception {
    // Use the platform default type (JKS on older JDKs, PKCS12 on current ones)
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    File keyStoreFile = new File(filename);
    // try-with-resources closes the stream even when load() throws
    try (FileInputStream keyStoreStream = new FileInputStream(keyStoreFile)) {
        keyStore.load(keyStoreStream, password.toCharArray());
    }
    return keyStore;
}
```

This method receives two parameters, the filename and the password, and creates the KeyStore object. It also creates a.

```java
import java.util.ArrayList;
import java.util.List;
import javax.ws.rs.Produces;

    // The enclosing resource class declaration precedes this excerpt and is not shown.
    @Produces("application/json")
    public List<String> getCompactDiscs() {
        List<String> compactDiscList = new ArrayList<>();
        compactDiscList.add("The Ramones");
        compactDiscList.add("The Clash");
        compactDiscList.add("Nirvana");
        return compactDiscList;
    }
}
```

As you can see, the method getCompactDiscs() is in charge of creating a list of strings in which each item represents a compact disc; as this is an example, we add three items. The @Produces annotations are used to.

Information. As we keep using the same application business, we can reuse the web pages of the previous example. Make sure to incorporate into your example, in the same path as in the previous example, the web pages index.html and discsList.jsp. We will also use the configuration set in the jboss-deployment-structure.xml file, since we are using the same module dependencies. Our web.xml file should look simpler than in the previous example, so it might be something like the following:

After this, we have to open our favorite browser and type the URL https://localhost:8443/token-grant/. This will lead us to the following web page: Well, as you notice, we reused the same web page, just for the purpose of these examples. There is, however, a little difference: when calling a different web page, you can look at the code we just explained. This will obtain a token, which we will use to request the data we want to access. As a result, we will read the list.

UpdatePriceByDiscName() can be accessed and executed by users with the role ADMIN. If you noticed in the preceding code, we used the class CompactDiscDatabase, which simulates a database. We applied the same technique in the previous examples. As it worked very well, let's do it again. This class doesn't have any special code. You can get an idea about it from the following code:

```java
import java.util.HashMap;

public class CompactDiscDatabase {
    // In-memory map standing in for a real database; the excerpt is cut off
    // after this declaration, so the remainder of the class is not shown.
    public static HashMap compactDiscs = new HashMap();
}
```
