Note: This post is written by our guest author Boni Satani.

Any piece of code or application running on a computer or in the cloud carries risk and can threaten privacy, security and data integrity. Developers around the world have come to accept this, and organizations that handle key customer data in particular have started giving security high priority. However, the day-to-day demands of a developer's job often make it difficult to follow security standards once an application has been developed.
If we talk about the technologies used to build applications, the one that comes to mind as highly popular among developers is Java. Java has a solid development architecture; however, it lacks sufficient built-in support for securing applications from threats, which leads to misconfigurations and security holes. In such a scenario it becomes imperative for developers to protect their application right from the development stage. As application security expert Frank Kim puts it: "Developers are very interested in security, but when they get back to work they have to focus on timelines and creating features." So how can this be done? Developers should be provided with a security architecture that protects their Java applications from erroneous and malicious code. Integrating security frameworks into the development environment addresses this; it is an effective strategy and makes the developer's life easier.

Java security

There are several security frameworks for Java that play a crucial role in building the security layer of Java applications. Today I will throw some light on these Java security frameworks that can be integrated into Java applications. Before jumping into integrating security code into a Java application, it is advisable to understand each of these frameworks so that the right security concerns are addressed.

JAAS (Java Authentication and Authorization Service) – JAAS is part of the Java security framework and provides an API for the authentication and authorization of users. JAAS ships with J2SE and caters to small and enterprise applications for which user-level security is the major concern. It follows the PAM (Pluggable Authentication Module) model and offers security for J2SE applications rather than J2EE; hence developers seeking basic authentication for securing J2SE applications can opt for JAAS.
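The pluggable model described above, as an added example that is not code from the original post: a custom LoginModule is plugged in through a Configuration written in code instead of a jaas.conf file, a CallbackHandler supplies the name and password, and a LoginContext drives the login/commit/logout life cycle. The module class, the single user, the salt and the passwords are all constructed for the demo; the password store is an in-memory map standing in for a database or directory. It assumes Java 9 or later (Map.of and the JDK's com.sun.security.auth.UserPrincipal).

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import com.sun.security.auth.UserPrincipal;

// Added example, not code from the original post: a pluggable JAAS LoginModule wired
// through a programmatic Configuration. The user, salt and passwords are constructed.
public class JaasDemo {
    /** Hypothetical LoginModule checking PBKDF2 hashes held in memory (stands in for a DB or LDAP). */
    public static class PbkdfLoginModule implements LoginModule {
        // Constructed demo data; a real store keeps a random salt per user.
        private static final byte[] SALT = "demo-salt".getBytes(StandardCharsets.UTF_8);
        private static final Map<String, byte[]> USERS = Map.of("alice", hash("correct horse".toCharArray()));
        private Subject subject;
        private CallbackHandler handler;
        private String user;
        private UserPrincipal principal;
        static byte[] hash(char[] password) {
            try {
                PBEKeySpec spec = new PBEKeySpec(password, SALT, 100_000, 256);
                return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
            } catch (GeneralSecurityException e) {
                throw new IllegalStateException(e);
            }
        }
        @Override public void initialize(Subject subject, CallbackHandler handler, Map<String, ?> sharedState, Map<String, ?> options) {
            this.subject = subject; this.handler = handler;
        }
        @Override public boolean login() throws LoginException {
            NameCallback nameCb = new NameCallback("user: ");
            PasswordCallback pwCb = new PasswordCallback("password: ", false);
            try {
                handler.handle(new Callback[] { nameCb, pwCb }); // ask the caller for credentials
            } catch (IOException | UnsupportedCallbackException e) {
                throw new LoginException("cannot collect credentials: " + e.getMessage());
            }
            String name = nameCb.getName();
            char[] pw = pwCb.getPassword();
            pwCb.clearPassword();
            if (name == null || pw == null || pw.length == 0) throw new FailedLoginException("invalid credentials");
            byte[] actual = hash(pw);
            Arrays.fill(pw, '\0'); // do not keep the clear-text password around
            byte[] expected = USERS.get(name);
            // constant-time comparison, and the same message for unknown user and wrong password
            if (expected == null || !MessageDigest.isEqual(expected, actual)) throw new FailedLoginException("invalid credentials");
            user = name;
            return true;
        }
        @Override public boolean commit() {
            if (user == null) return false;           // this module's login() failed or was not called
            principal = new UserPrincipal(user);
            subject.getPrincipals().add(principal);   // the authenticated identity lives in the Subject
            return true;
        }
        @Override public boolean abort() { user = null; return true; }
        @Override public boolean logout() {
            if (principal != null) subject.getPrincipals().remove(principal);
            user = null; return true;
        }
    }
    /** Stands in for a jaas.conf file: every application name maps to the module above, flagged REQUIRED. */
    static Configuration config() {
        return new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(PbkdfLoginModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of()) };
            }
        };
    }
    /** Answers the module's callbacks; a real application would prompt the user or read a request. */
    static CallbackHandler credentials(String user, String password) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password.toCharArray());
                else throw new UnsupportedCallbackException(cb);
            }
        };
    }
    public static void main(String[] args) throws LoginException {
        LoginContext ok = new LoginContext("demo", new Subject(), credentials("alice", "correct horse"), config());
        ok.login();
        System.out.println("authenticated principals: " + ok.getSubject().getPrincipals());
        ok.logout();
        try {
            new LoginContext("demo", new Subject(), credentials("alice", "wrong"), config()).login();
        } catch (LoginException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Swapping the module for one backed by LDAP or Kerberos changes only the Configuration entry, not the application code calling LoginContext; that is the PAM-style pluggability the paragraph refers to. Authorization in JAAS is then done against the principals placed in the Subject, for example through Subject.doAsPrivileged with a policy.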

JGuard – JGuard is an open-source Java security framework primarily used for securing Java web applications. It is built on JAAS and offers simple, flexible configuration to authenticate users, authorize roles and manage user permissions. It can also be considered for solving access control and user rights problems in standalone and desktop applications.

Spring Security – Spring Security is a highly customizable framework widely used to tackle authentication and access control in enterprise applications built on Java. Spring Security is the preferred security framework for J2EE and offers various security features over and above authentication and authorization. It is quite easy to learn and deploy, and lets developers inject security into an application with just a few lines of XML.
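The "few lines of XML" mentioned above, as an added example that is not from the original post: a Spring Security namespace configuration that protects URL patterns, adds form login, logout and CSRF protection, and stores passwords as bcrypt hashes. It assumes Spring Security 3.2 or 4.x; the URL patterns, role names and user are constructed for the demo, and the bcrypt value is a placeholder to be replaced with real output of BCryptPasswordEncoder.encode().

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example (not from the original post): Spring Security namespace
     configuration, assuming Spring Security 3.2 or 4.x. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- Rules are matched top to bottom: most specific paths first, and a catch-all
         last so that a new URL is never left unprotected by accident. -->
    <http use-expressions="true">
        <intercept-url pattern="/admin/**"   access="hasRole('ROLE_ADMIN')"/>
        <intercept-url pattern="/account/**" access="isAuthenticated()"/>
        <intercept-url pattern="/login"      access="permitAll"/>
        <intercept-url pattern="/**"         access="isAuthenticated()"/>
        <form-login login-page="/login" authentication-failure-url="/login?error"/>
        <logout logout-success-url="/login"/>
        <!-- CSRF tokens and security response headers (on by default in 4.x; explicit here) -->
        <csrf/>
        <headers/>
    </http>

    <!-- Credentials are compared against bcrypt hashes, never clear-text passwords. -->
    <authentication-manager>
        <authentication-provider>
            <password-encoder hash="bcrypt"/>
            <user-service>
                <!-- PLACEHOLDER hash: generate a real one with BCryptPasswordEncoder.encode() -->
                <user name="admin" password="$2a$10$REPLACE_WITH_REAL_BCRYPT_HASH"
                      authorities="ROLE_ADMIN,ROLE_USER"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>
```

The file takes effect once the `springSecurityFilterChain` filter is registered in web.xml through DelegatingFilterProxy; the in-memory `<user-service>` is a demo convenience that would be replaced by a JDBC or LDAP user service in a deployed application.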

Apache Shiro – Apache Shiro is considered a highly powerful Java security framework that handles cryptography, authorization and session management for all types of Java applications regardless of their size. Shiro provides an API that is easy to understand and allows applications to be secured quickly. It also has a very active community that helps developers resolve bugs and issues, saving a great deal of time. Apache Shiro is framework-independent and can therefore work seamlessly with any Java framework; best of all, it integrates well with Spring, so the combination can be used to offer all-round security. Setting up security in Apache Shiro is much simpler than in Spring Security.
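Shiro's authentication, authorization, session and hashing API together in one stand-alone program, as an added example that is not code from the original post or the Shiro project. It assumes shiro-core 1.x on the classpath; the INI sections are built in code instead of a shiro.ini file, and the users, roles, permissions and passwords are constructed for the demo.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.config.Ini;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;

// Added example, not code from the original post. Needs shiro-core 1.x on the classpath;
// the users, roles and permissions are constructed for the demo.
public class ShiroDemo {
    private static final int ITERATIONS = 100_000;

    /** What would normally live in shiro.ini, built in code so the demo runs stand-alone. */
    static Ini buildIni() {
        Ini ini = new Ini();
        // [main]: make the built-in IniRealm compare SHA-256 hashes instead of clear-text passwords
        ini.setSectionProperty("main", "hashMatcher", "org.apache.shiro.authc.credential.HashedCredentialsMatcher");
        ini.setSectionProperty("main", "hashMatcher.hashAlgorithmName", "SHA-256");
        ini.setSectionProperty("main", "hashMatcher.hashIterations", String.valueOf(ITERATIONS));
        ini.setSectionProperty("main", "iniRealm.credentialsMatcher", "$hashMatcher");
        // [users]: name = hashedPassword, role1, role2 ...
        ini.setSectionProperty("users", "alice", hash("alice-pw") + ", admin");
        ini.setSectionProperty("users", "bob", hash("bob-pw") + ", viewer");
        // [roles]: role = wildcard permissions
        ini.setSectionProperty("roles", "admin", "*");
        ini.setSectionProperty("roles", "viewer", "report:read");
        return ini;
    }

    /** Hex SHA-256 with the same iteration count the matcher uses (unsalted, since [users] has no salt column). */
    static String hash(String password) {
        return new Sha256Hash(password, null, ITERATIONS).toHex();
    }

    /** Authenticates the current Subject; the realm hashes the supplied password and compares. */
    static Subject login(String user, String password) {
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(user, password);
        try {
            subject.login(token);
        } finally {
            token.clear(); // wipes the password chars whether or not login succeeded
        }
        return subject;
    }

    public static void main(String[] args) {
        SecurityManager securityManager = new IniSecurityManagerFactory(buildIni()).getInstance();
        SecurityUtils.setSecurityManager(securityManager);

        Subject bob = login("bob", "bob-pw");
        Session session = bob.getSession();          // session management comes with the SecurityManager
        session.setAttribute("lastReport", "q1");
        System.out.println("bob may read reports: " + bob.isPermitted("report:read"));
        System.out.println("bob may delete reports: " + bob.isPermitted("report:delete"));
        try {
            bob.checkRole("admin");                  // throws instead of returning false
        } catch (UnauthorizedException e) {
            System.out.println("bob is not an admin");
        }
        bob.logout();                                // also invalidates the session

        try {
            login("alice", "not-her-password");
        } catch (AuthenticationException e) {
            System.out.println("rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

The same Subject API (`login`, `isPermitted`, `checkRole`, `getSession`) is used unchanged in a web application or under Spring; only the SecurityManager setup differs. The INI realm cannot store a per-user salt, so a deployed application would move the users to a JDBC or LDAP realm and configure the matcher with salted hashes.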

HDIV – HDIV (HTTP Data Integrity Validator) is a Java web application security framework that extends a web application's functionality by adding a security API to it. HDIV is widely used for applications built on Struts 1, Struts 2, Spring MVC and JSTL, since it gives developers the transparency they need without adding complexity to application development.
All these Java security frameworks protect applications exposed to the market by offering the required security in terms of authentication, data validation, access control, session management, encryption, etc. CTOs, technical decision makers and developers can adopt any of these frameworks depending on the privacy, security and integrity required by a particular application.

About Author:
Boni Satani is a Java Technology Consultant working with Cygnet Infotech, an offshore IT solution provider. Feel free to reach us for Java development, web services and Java framework development related services. You can also connect with me on Twitter at @bonirulzz


Disclaimer:
The views, opinions and positions expressed within these guest posts are those of the author alone and do not represent those of Code4Reference. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.

2 comments until now

  1. J2SE and J2EE are outdated, dead terms. It’s Java SE and Java EE since v5.

  2. J2se??? Is this an article from 2002? It has long ago been changed to Java SE.