Security
Resin 3.0


Authentication with Resin

Authentication provides a method for a username and password combination to be provided by a user and then verified by the web server. By using Resin's Authenticator API for login support, applications can add security without writing an entire authentication library.

Digest Passwords

Digest passwords enable an application to avoid storing and even transmitting the password in a form that someone can read.

Authorization with Resin

Authorization is used to mark sections and resources of a web site that have limited access. Constraints indicate the criteria for access. Typically the constraint is based on a user login, but it can also limit access to clients from a certain IP address or require that a secure transport such as SSL is in use.

SSL with Resin

SSL (Secure Sockets Layer) is a commonly-used protocol for managing the security of message transmission on the Internet. SSL in your web server provides support for the familiar https:// protocol.

Security Manager with Resin

In ISP environments, it's important that each user have restricted permissions to use the server. Normally, the web server will be run as a non-root user so the users can't read system files, but that user will still have read access. The use of RMI also requires a security manager.

Malicious Attacks

Resin is a very mature product, and has not had any security reports in a long time. Here we discuss some common methods used to attack web servers, how Resin handles them, and how they apply to your applications.

Security Tutorials
Basic Security and Resin's XmlAuthenticator

This tutorial covers the basics of JSP and Servlet security and the use of Resin's XmlAuthenticator.

Security FAQ

Can I use different SSL certificates for each virtual host?

We have two domains on one server.

Why does Resin say I need OPENSSL_THREADS when I try to use OpenSSL?

Resin dies with an error on startup "Resin requires a threaded version of OpenSSL.

What is the sequence of handshakes for an SSL connection?

Security Scrapbook

A repository of notes and comments that will eventually make their way into the documentation. Please treat the information here with caution; it has often not been verified.

How do I handle port 80 and root issues on Linux?

When using the 2.6 Linux kernel or RedHat 9.0, you can use the standard user-name configuration.

Where can I learn more about SSL?
Converting a JSSE Keystore to OpenSSL
How can I handle SSL for virtual hosts if I have a separate IP for each host?

I have different IPs, but am trying to avoid using them in the config files as we have a development, staging and production environment each of which would have different IPs.


Copyright © 1998-2006 Caucho Technology, Inc. All rights reserved.
Resin® is a registered trademark, and HardCore™ and Quercus™ are trademarks of Caucho Technology, Inc.