Sudhir Upadhyay

Subscribe to Sudhir Upadhyay: eMailAlertsEmail Alerts
Get Sudhir Upadhyay: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Top Stories by Sudhir Upadhyay

In some of the typical corporate Web application security deployments, users accessing a protected application are authenticated via enterprise identity/access management products, such as Netegrity's SiteMinder, IBM's WebSEAL, and Oblix's Oblix COREid. The authorization service, however, is delegated to the provider of the application itself, or to the application server. The application server authorizes a user based on security constraints defined in a Web application's deployment descriptor. However, before the configured security constraints can be applied to provide authorization, the Web containers need to assert that the user is authenticated to begin with. In other words, the front access managers need to provide some information to the back-end Web containers in order to ensure that the Web containers do not attempt to reauthenticate an authenticated user... (more)

Understanding JSSE

The Java Secure Socket Extension (JSSE) is a set of packages that enable secure Internet communications. It implements a Java version of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It includes functionality for data encryption, server authentication, message integrity, and optional client authentication. Although the JSSE guide provides detailed information on the JSSE API and its use in application programming, this article dives deeper into the different message exchanges involved when a programmatic Java client communicates with a server over ... (more)

Failover and Recovery of Enterprise Applications - Part 1

In enterprise application architecture, it is naïve to assume that none of the software/hardware components will go down. In fact, most of the IT managers and architects acknowledge this. However, a well-tested and robust recovery procedure continues to take a back seat when designing and implementing software projects. In several scenarios, administrators end up performing basic failover testing by shutting down the processes and verifying that the subsequent requests succeeded. Although this level of testing can satisfy the failover requirements for the records, more robust fa... (more)