Three Approaches to Securing Your JavaServer Faces Technology/Spring/Hibernate Applications
TS-4514

There are at least three security frameworks for securing your JavaServer Faces technology/Spring/Hibernate applications. Container security (such as page navigation), JavaServer Faces technology security (role-based security for JavaServer Faces components), and the Spring-Acegi framework (role-based access for web pages and Spring beans) are frameworks that address different problems in different tiers. Picking an inappropriate solution may affect the overall security.

Security for JavaServer Faces technology/Spring/Hibernate applications should be end-to-end instead of security for the web tier. This session discusses how different security frameworks can secure the web pages components; the business tier, such as the JavaBeans architecture; the data tier, such as data objects using Hibernate; and techniques to support both web and non-web applications and a variety of security providers, such as Java Authentication and Authorization Service (JAAS), database, and LDAP.

The session uses a loan application example. Developers get perspective on when and why each security framework should be used and the drawbacks of each.

Watch The Session
You need to be a registered Sun Developer Network member to view this multimedia session. If you are a registered SDN member, please click on "Watch Multimedia" button to log-in to view the multimedia session. If you wish to join SDN, please click here.