CSRF for Java EE Aplication - JSF (No Spring Framework) - java

I'm working in a Java EE application with JSF and Primefaces Framework and I need to add some kind of CSRF attack protection. I read about OWASP CSRF Guard but I really don't understand how to implement it into my project and I saw lot of codes using Spring Framework too, but I would like to avoid the implementation of that framework in my project (besides I don't know anything about Spring).
If anyone can help me about how to proceed with this problem or maybe some documentation that I should read or anything to help I will be really thankful.

Related

Java: Basic Spring Security MSSQL membership system needed

I am looking for an implementation of spring security with MSSQL for authorization/authentication for Java. I have seen some tutorials here and there, but I fear that figuring it all out would take more time than I have for this. Is there somewhere I can download some working source code? I'm hoping I can just copy and paste the entities, xml files etc and rename the packages. Does anyone know where I can find such a basic implementation for download?
EDIT
I'm told Spring Security is best, but it doesn't have to be Spring.. just something that works..
It's all in the Spring Security book but I have no idea if you find the source code without buying the book (available digital). I any case I highly recommend that book. It's what taught me Spring Security.

Login System using JSP - forgot password, using sql database?

I am a traditional .NET developer... now I have to create a web application using JSP.
Is there some sort of framework that handles all the login stuff for me?
Register users (and securely store in database using best practices)
forgot password functionality
session tracking (aka make sure only a logged in user can see the page)
Like I said, I'm mostly familiar with .NET Membership. I'm researching Spring, Struts, and Hibernate but am not sure the pros/cons of each yet.
If you had to create this simple web application using JSP how would you go about it?
Thanks for your help :-)
-Josh
Take a look at Spring Security.
Spring Security is a powerful and highly customizable authentication and access-control framework.
Short answer? No.
There are however, very many security frameworks that you can customize to fit your needs. I would recommend looking at Spring Security as a good all-around tool that should fit your needs.

Security Framework like seam for Java EE - JSP, Servlet, DAO

What are some good robust security frameworks for a Java EE application?
We are currently using a custom EJB solution that is lacking the authorization, permissions, rules aspect of a secure web application.
Ideally I would like to use Seam due to the features (we are using JBoss 5) however my first impression is that it does not integrate with jsp pages.
I was wondering if anyone had any suggestions for an alternative for Seam or any insight on how to create a custom framework utilizing other APIs.
Thank you in advance for your help.
I just love Spring Security, but just to let you know about one more option, there is apache shiro
I would recommend Spring-Security
I haven't used Seam, but you can use JAAS with EJBs. Have a look at the tutorial:
http://download.oracle.com/javaee/6/tutorial/doc/bnbyk.html
http://download.oracle.com/javaee/6/tutorial/doc/gijrp.html

Good example of use of JSF and Spring Architecture

I am trying to find a good example of use of JSF and Spring with installation instruction,But haven't been able to find something more than basic.
Can anyone direct me to nice examples?
Thanks,
Sid
java Beat : integrating-spring-and-jsf
jsf-2-0-spring-hibernate-integration-example
You can also check out Appfuse, http://appfuse.org/display/APF/Home, it has the whole enchilada: maven, security (acegi), webservices, hibernate search (lucene), caching (ehcache), JPA, annotations in JSF Managed Beans, transactions, templating (sitemesh), email, and lots of other useful stuff. I find it a bit too complex, not so sure if it uses the best available components for JSF, but it's an application skeleton for the real world.
See the reference at http://appfuse.org/display/APF/Reference+Guide

Java MVC Web development framework?

I want to develop a website with java but I'm absolute beginner in java web development.
I want to use a framework that uses the MVC pattern and Ajax.
I did some search and found that Spring or Struts are suitable but I'm not sure.
could you please recommend a framework?
Play Framework might be a good option because of its incredible simplicity.
I'd recommend Spring:
Developing a Spring Framework MVC application step-by-step
The Stripes Framework is also worth consideration and can be used along with Spring.
http://www.stripesframework.org
It's easy to use and easy to configure. Unlike Struts, which is fairly old hat these days.
There are a plethora of frameworks now and it's worth checking each one that will suit your needs. It's a personal thing and it's good that we're not all restricted to a few.
JRapid is very easy to use. You'll get a working application in minutes and it generates AJAX powered user interface.
I work with Spring Webflow - technology based on Spring MVC. Webflow is described in official help pretty well. Personally, it think Webflow is much more usable than bare Spring MVC, however there are always someone who disagrees.
Moreover Spring (not talking about MVC specifically) can be used outside of web projects, so it seems to me it is advantage of Spring.
Cannot say anything about Struts.
I would recommend GRAILS for fast rapid web application development, that includes scaffolding functionality and web page generation based on data models.
https://grails.org/learn
It is the fastest way for MVC developers.

Categories

Resources