In this two-part tutorial, I'll walk you through the process of building a simple web application and deploying it on Bluemix. This example application supports multiple users, but I won't be writing any user management code; instead, I'll integrate Bluemix's Passport service and let it handle all the heavy lifting. Normally, user management within an application involves creating a user dashboard with functions to add new users, edit existing users, and activate, deactivate or delete user accounts.
Secure Sockets Layer (SSL) provides secure connections by allowing two applications connecting over a network to authenticate each other's identity and by encrypting the data exchanged between the applications. Authentication allows a server and optionally a client to verify the identity of the application on the other end of a network connection.
For example, this attack could result in a transfer of funds, changing a password, or purchasing an item in the user's context. In effect, CSRF attacks are used by an attacker to make a target system perform a function via the target's browser without knowledge of the target user, at least until the unauthorized transaction has been committed. If the targeted end user is an administrator account, a CSRF attack can compromise the entire web application.
Some applications also include additional features, such as role-based access, user profiles, and additional workflows to handle forgotten passwords and user reactivation.
JSSE is the Java standard framework for SSL and TLS and includes both blocking-IO and non-blocking-IO APIs, and a reference implementation including several commonly-trusted CAs.
The JSSE-based SSL implementation interoperates over SSL with instances of WebLogic Server version 8.1 and later using the Certicom SSL implementation.
Note: The following sections apply to WebLogic Server deployments that use the security features in this release of WebLogic Server as well as deployments that use Compatibility Security.
All machines must be kept up to date with the current set of recommended patches from the operating system vendors.
Behind the scenes, implementing all of this usually involves (at minimum) creating a user database, using a secure algorithm to encrypt and validate user passwords, and writing SQL queries to create, update, delete, and authenticate users.