Need for Security in Web Applications Web Application Security HTTP

Total Page:16

File Type:pdf, Size:1020Kb

Need for Security in Web Applications Web Application Security HTTP Need for Security in Web Applications CS520 Web Programming Potentially large number of users Declarative Security Multiple user types No operating system to rely on Chengyu Sun California State University, Los Angeles Web Application Security HTTP Secure (HTTPS) Client Server request HTTP over SSL/TLS Configure SSL in Tomcat - who are you? http://tomcat.apache.org/tomcat-7.0- doc/ssl-howto.html username/password Authentication you’re not authorized to access Authorization (Access Control) (Access Connection Security SSL and TLS Programmatic Security Secure Socket Layer (SSL) Security is implemented in the Server authentication application code Client authentication Example: Connection encryption Login.jsp Transport Layer Security (TLS) Members.jsp TLS 1.0 is based on SSL 3.0 IETF standard (RFC 2246) Pros?? Cons?? 1 Security by Java EE Application Server HTTP Basic HTTP Basic HTTP 1.0, Section 11.1- http://www.w3.org/Protocols/HTTP/1.0/draft- HTTP Digest ietf-http-spec.html HTTPS Client request for a restricted page Form-based Client prompt for username/password Server resend request + username & password HTTP Basic – Configuration HTTP Basic – Request AuthType Basic GET /restricted/index.html HTTP/1.0 AuthName "Basic Authentication Example" Host: sun.calstatela.edu AuthUserFile /home/cysun/etc/htpasswords Accept: */* Require user cs520 HTTP Basic – Server Response HTTP Basic – Request Again HTTP/1.1 401 Authorization Required Date: Tue, 24 Oct 2006 14:57:50 GMT GET /restricted/index.html HTTP/1.0 Server: Apache/2.2.2 (Fedora) Host: sun.calstatela.edu WWW-Authenticate: Basic realm="Restricted Access Area" Accept: */* Content-Length: 484 Authorization: Basic Y3lzdW46YWJjZAo= Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html> Base64 Encoding of “cysun:abcd” <head><title>401 Authorization Required</title></head> … … </html> An online Base64 decoder is at http://www.opinionatedgeek.com/dotnet/tools/Base64Decode/ 2 Improve HTTP Basic (I) Cryptographic Hash Function… Username and password are String of arbitrary length n bits digest HTTP Basic sent in plain text. Properties 1. Given a hash value, it’s virtually impossible to find a message that hashes to this value 2. Given a message, it’s virtually impossible to find another Encrypt username and message that hashes to the same value password. 3. It’s virtually impossible to find two messages that hash to the same value A.K.A. One-way hashing , message digest , digital fingerprint …Cryptographic Hash Function Storing Passwords Common usage Why encrypting stored password?? Store passwords , software checksum … Common attacks on encrypted passwords Popular algorithms Brute force and some variations Dictionary MD5 (broken, partially) Common defenses SHA-1 (broken, sort of) Long and random passwords SHA-256 and SHA-512 (recommended) Make cryptographic hash functions slower Salt Encrypting Password is Not Enough Improve HTTP Basic (II) Username and password are Why?? HTTP Basic sent in plain text. Username and password are HTTP Basic sent in plain text. Encrypt username and password. Encrypt username and password. Additional measures to prevent HTTP Digest common attacks. 3 HTTP Digest – Server HTTP Digest Response HTTP/1.1 401 Authorization Required RFC 2617 (Part of HTTP 1.1) - Date: Tue, 24 Oct 2006 14:57:50 GMT http://www.ietf.org/rfc/rfc2617.txt Server: Apache/2.2.2 (Fedora) WWW-Authenticate: Digest realm="Restricted Access Area“, qop="auth,auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", request for a restricted page algorithm=“MD5”, opaque="5ccc069c403ebaf9f0171e9517f40e41" prompt for username/password + nonce Content-Length: 484 Content-Type: text/html; charset=iso-8859-1 resend request + message digest <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html> <head><title>401 Authorization Required</title></head> … … </html> HTTP Digest – Request Again Form-based Security GET /restricted/index.html HTTP/1.0 Host: sun.calstatela.edu Unique to J2EE application servers Accept: */* Authorization: Digest username=“cysun”, Include authentication and realm=“Restricted Access Area", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", authorization, but not connection uri="/restricted/index.html", qop=auth, security nc=00000001, cnonce="0a4f113b", opaque="5ccc069c403ebaf9f0171e9517f40e41”, algorithm=“MD5” response="6629fae49393a05397450978507c4ef1" Hash value of the combination of of username , password , realm , uri , nonce , cnonce , nc , qop Form-base Security using Tomcat Example – Users and Roles $TOMCAT/conf/tomcat-users.xml <?xml version='1.0' encoding='utf-8'?> Users and roles <tomcat-users> <role rolename=“admin"/> $APPLICATION/WEB-INF/web.xml <role rolename=“member"/> <user username=“admin" password=“1234“ Authentication type ( FORM ) roles=“admin,member"/> Login and login failure page <user username=“cysun" password=“abcd“ roles=“member"/> URLs to be protected </tomcat-users> 4 Example – Directory Layout Example – Login Page /admin index.html /member index.html <form action="j_security_check" method="post"> <input type="text" name="j_username"> login.html <input type="password" name="j_password"> <input type="submit" name="login" value="Login"> logout.jsp </form> error.html index.html /WEB-INF web.xml Example – web.xml … … Example – web.xml <security-constraint> <login-config> <web-resource-collection> <auth-method>FORM</auth-method> <web-resource-name>AdminArea</web-resource-name> <form-login-config> <url-pattern>/admin/*</url-pattern> <form-login-page>/login.html</form-login-page> </web-resource-collection> <form-error-page>/error.html</form-error-page> <auth-constraint> </form-login-config> <role-name>admin</role-name> </login-config> </auth-constraint> </security-constraint> Limitations of Declarative Declarative Security Security by App Servers Security constraints are defined outside Application server dependent application code in some metadata Not flexible enough file(s) Servlet Specification only requires URL Advantages access control Application server provides the security implementation Separate security code from normal code Easy to use and maintain 5 Security Requirements of Web Applications Spring Security (SS) Authentication A security framework for Spring-based Authorization (Access Control) applications URL Addresses all the security requirements Method invocation of web applications Domain object View How Does Spring Security Work Servlet Filter Intercept requests and/or responses Intercept, examine, and/or modify Servlet filters request and response Spring handler interceptors Intercept method calls Filter Spring method interceptors Modify views request response Spring Security Tag Library Servlet/JSP Servlet Filter Example Spring Handler Interceptor web.xml Serve the same purpose as servlet filter Configured as Spring beans, i.e. support dependency <filter> and <filter-mapping> injection Modify request Modify response Handler Interceptor request response Controller 6 Intercept Request/Response Intercept Method Call Request What can we do by What can we do intercepting the BeforeAdvice in BeforeAdvice?? request?? Method Invocation Controller User getUserById(1) /member/index.html What can we do Response What can we do by AfterAdvice in AfterAdvice?? intercepting the response?? Adding Spring Security to a … Adding Spring Security to a Web Application … Web Application Dependencies web.xml spring-security-config <filter> spring-security-taglibs <filter-name>springSecurityFilterChain</filter-name> <filter-class> cglib org.springframework.web.filter.DelegatingFilterProxy </filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> Authentication Sources Authentication Supported Database Container-based Authentication Manager LDAP JBoss JAAS Jetty Resin Authentication Authentication Authentication CAS Provider Provider Provider Tomcat OpenID SiteMinder Authentication Sources X.509 database LDAP Servlet Windows NTLM Container 7 Authenticate Against a Authenticate Against a Database – Configuration Database – Default Schema applicationContext.xml create table users ( username string primary key, <authentication-manager> password string, <authentication-provider> enabled boolean <jdbc-user-service ); data-source-ref="dataSource" /> <authentication-provider> create table authorities ( </authentication-manager> username string references users(username), authority string -- role name Spring Security namespace: ); http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd Authenticate Against a Implement Your Own Database – Customization UserDetailsService <jdbc-user-service> http://static.springsource.org/spring- users-by-username-query security/site/docs/3.1.x/apidocs/org/spri authorities-by-username-query ngframework/security/core/userdetails/ <authentication-provider> UserDetailsService.html <password-encoder> user-service-ref Authentication – Login Form and More Customize <form-login> <http auto-config=“true” /> login-page authentication-failure-url More at <http> http://static.springsource.org/spring- <form-login /> security/site/docs/3.1.x/reference/appe <http-basic /> ndix-namespace.html#nsa-form-login <logout /> </http> 8 Default Login URLs and Parameters Authorization Examples /j_spring_security_check Users must log in to see the user list /j_spring_security_logout A user can only view/edit their own account j_username An
Recommended publications
  • Spring Roo - Reference Documentation
    Spring Roo - Reference Documentation DISID CORPORATION S.L. Table of Contents Getting started . 1 1. Overview . 2 2. What’s new in Spring Roo 2.0 . 3 Improved extensibility . 3 No backward compatibility . 3 Usability improvements . 3 Centered in Spring technologies . 3 Application architecture . 4 Domain model . 4 View layer . 4 3. Requirements . 6 4. Install Spring Roo . 7 Using Spring Roo . 9 5. The Roo shell . 10 6. Impatient beginners . 12 7. Create your Spring Boot application . 13 8. Configure the project settings . 14 9. Setup the persistence engine . 15 10. The domain model . 16 JPA entities . 16 DTOs . 20 11. The data access layer . 21 Spring Data repositories . 21 Default queries . 21 12. The service layer . 22 Service API and Impl . 22 13. The view layer . 23 Thymeleaf view engine . 23 Spring MVC Controllers . 23 Spring Webflow . 25 14. The integration layer . 26 REST API . 26 WS API . 26 Email . ..
    [Show full text]
  • Course Title
    "Charting the Course ... ... to Your Success!" Spring 3x Advanced Topics Course Summary Description This course is the next step in using the many features Spring 3.x has to offer. Web topics covering Web Flow and MVC address the powerful features for building popular workflow structures in applications today. Spring Batch addresses the Web counterpart to business processing. The final two topics address all areas in Spring. Security touches all layers of a business application. The newly rewritten Spring Security structure covers all areas addressed down to the Method level. Spring Roo is the last topic that can be used to build entire applications, including Spring MVC. Due to the size of Spring Roo, the depth will depend on available remaining time. The various Spring Integration features of messages will be demonstrated based on student requirements. Objectives At the end of this course, students will be able to: Design, create and debug Spring MVC applications. Understand Web Flow and where it can be used. Create, monitor, and test Spring Batch applications. Apply Security to all levels of Spring applications, including methods. Use Spring Roo to create Spring applications. Configure Spring using Java Classes. Apply Spring Integration options. Topics Working with Spring Web Flow Introducing Spring Security The Web Module and Spring MFC Web Security Controllers and Commands Securing the Service Layer Binding and Validation Customizing and Extending Spring Security Introducing Spring Batch Working with Remote Services
    [Show full text]
  • Adding Red Hat Decision Manager Users 44
    Red Hat Decision Manager 7.11 Integrating Red Hat Decision Manager with other products and components Last Updated: 2021-07-06 Red Hat Decision Manager 7.11 Integrating Red Hat Decision Manager with other products and components Legal Notice Copyright © 2021 Red Hat, Inc. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/ . In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries. Linux ® is the registered trademark of Linus Torvalds in the United States and other countries. Java ® is a registered trademark of Oracle and/or its affiliates. XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries. MySQL ® is a registered trademark of MySQL AB in the United States, the European Union and other countries. Node.js ® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
    [Show full text]
  • Spring Framework II Course Summary
    "Charting the Course ... ... to Your Success!" Spring Framework II Course Summary Description This course is the next step in using the many features the Spring Framework has to offer. In depth Web topics covering Web Flow and MVC address the powerful features for building popular workflow structures in applications. Spring Security will be applied to all areas including the Method level. Spring ROO will be used to build entire applications, including Spring MVC. Web Services for SOAP and RESTful are included to complete the Web Tier. Objectives At the end of this course, students will be able to: Design, create and debug complex Spring MVC applications. Understand Web Flow and where it can be used. Create, monitor, and test Spring Web Services. Apply Security to all levels of Spring Framework applications, including methods. Use Spring Roo to create Spring Framework applications. Configure Spring Framework using Java Classes and eliminate Web.XML configuration. Incorporate JQuery and JavaServer Faces. Topics Web Development Spring Roo Web Services What’s Next in Spring III Security Audience This course is designed for Developers who have attended the “Spring Framework I” class or equivalent experience in developing or maintaining Spring Framework Web applications. Prerequisites Spring programming experience, a basic knowledge of configuration, familiarity with the Spring Framework dependency injection, and Aspect oriented programming. Duration Five Days Due to the nature of this material, this document refers to numerous hardware and software products by their trade names. References to other companies and their products are for informational purposes only, and all trademarks are the properties of their respective companies.
    [Show full text]
  • Spring Security Reference
    Spring Security Reference 4.2.8.RELEASE Ben Alex , Luke Taylor , Rob Winch , Gunnar Hillert Copyright © 2004-2015 Copies of this document may be made for your own use and for distribution to others, provided that you do not charge any fee for such copies and further provided that each copy contains this Copyright Notice, whether distributed in print or electronically. Spring Security Reference Table of Contents .............................................................................................................................................. xvii I. Preface ................................................................................................................................... 1 1. Getting Started ............................................................................................................... 3 2. Introduction .................................................................................................................... 4 2.1. What is Spring Security? ..................................................................................... 4 2.2. History ................................................................................................................ 6 2.3. Release Numbering ............................................................................................. 6 2.4. Getting Spring Security ........................................................................................ 7 Usage with Maven ............................................................................................
    [Show full text]
  • Spring Security
    Spring Security Reference Documentation Ben Alex Luke Taylor Spring Security: Reference Documentation by Ben Alex and Luke Taylor 3.0.8.RELEASE Spring Security Table of Contents Preface ...................................................................................................................................... x I. Getting Started ....................................................................................................................... 1 1. Introduction ................................................................................................................... 2 1.1. What is Spring Security? ..................................................................................... 2 1.2. History ................................................................................................................ 4 1.3. Release Numbering ............................................................................................. 4 1.4. Getting Spring Security ....................................................................................... 5 Project Modules ................................................................................................. 5 Core - spring-security-core.jar .................................................. 5 Web - spring-security-web.jar ..................................................... 5 Config - spring-security-config.jar ........................................... 5 LDAP - spring-security-ldap.jar ................................................ 5 ACL - spring-security-acl.jar
    [Show full text]
  • SAP Process Mining by Celonis
    TABLE OF CONTENTS REVISION HISTORY 4 INTRODUCTION 5 ABOUT THIS GUIDE 5 TARGET AUDIENCE 5 TECHNICAL CONFIGURATION – SYSTEM LANDSCAPE 8 SINGLE-SERVER DEPLOYMENT 8 MULTI-SERVER DEPLOYMENT (SCALE-OUT) 9 TECHNICAL CONFIGURATION – FILE SYSTEM LAYOUT 9 WINDOWS SYSTEMS 10 LINUX SYSTEMS 12 TECHNICAL CONFIGURATION – MULTI-SERVER 13 TECHNICAL CONFIGURATION – SECURITY 15 GENERAL SECURITY 15 SECURE COMMUNICATION BETWEEN CENTRAL APPLICATION AND COMPUTE SERVICE 17 PYTHON SECURITY 18 TECHNICAL CONFIGURATION – HIGH AVAILABILITY (HA) 19 TECHNICAL CONFIGURATION – LOGGING 21 LOGGING FOR SAP PROCESS MINING BY CELONIS 21 APPLICATION SERVER ADMINISTRATION 24 REQUIRED TOOLS 24 SAP PROCESS MINING BY CELONIS CONFIGURATION 24 SAP PROCESS MINING BY CELONIS AS OPERATING SYSTEM SERVICE 25 PERIODICAL TASKS – ARCHIVING FILES 26 SAP PROCESS MINING BY CELONIS LOG FILES 26 MIGRATION FROM SAP PROCESS MINING BY CELONIS FROM A VERSION BELOW 4.5 TO A VERSION INCLUDING AND ABOVE 4.5 30 SAP PROCESS MINING BY CELONIS CONFIGURATION STORE BACKUPS 32 © 2020 Celonis SE OPERATION GUIDE 2 RECOVERING FROM A BACKUP FOR INTEGRATED CELONIS CONFIGURATION STORE 33 BACKUP AND RECOVERY – BACKUP ANALYTICS DATABASE (SAP HANA) 34 INCLUDED MONITORING FUNCTIONALITY 35 SOFTWARE CHANGE MANAGEMENT 38 SOFTWARE UPDATE PROCEDURE 39 SUPPORT DESK MANAGEMENT 40 SLD REGISTRATION 40 CONFIGURABLE HELP PAGES 40 © 2020 Celonis SE OPERATION GUIDE 3 REVISION HISTORY VERSION NUMBER VERSION DATE SUMMARY OF REVISIONS MADE 1.4 MAR 22, 2017 Application Version 4.2 1.6 FEB 23, 2018 Updated version for application version 4.3 1.9 FEB 03, 2019 Updated version for application version 4.5 1.10 MAY 17, 2020 Updated version for application version 4.5 SP3 1.11 JUN 20, 2020 Updated version for application version 4.6 © 2020 Celonis SE OPERATION GUIDE 4 INTRODUCTION ABOUT THIS GUIDE SAP Process Mining by Celonis is a powerful software for retrieving, visualizing and analyzing real as-is business processes from transactional data stored by the SAP ERP systems.
    [Show full text]
  • Getting Started with Roo
    Getting Started with Roo Getting Started with Roo Josh Long and Steve Mayzak Beijing • Cambridge • Farnham • Köln • Sebastopol • Tokyo Getting Started with Roo by Josh Long and Steve Mayzak Copyright © 2011 Josh Long and Steve Mayzak. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://my.safaribooksonline.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or [email protected]. Editor: Mike Loukides Cover Designer: Karen Montgomery Production Editor: Jasmine Perez Interior Designer: David Futato Proofreader: O’Reilly Production Services Illustrator: Robert Romano Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. Getting Started with Roo, the image of the common tree kangaroo, and related trade dress are trademarks of O’Reilly Media, Inc. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps. While every precaution has been taken in the preparation of this book, the publisher and authors assume no responsibility for errors or omissions, or for damages resulting from the use of the information con- tained herein. ISBN: 978-1-449-30790-5 [LSI] 1312551620 Table of Contents Preface ..................................................................... vii 1. Your First Intrepid Hops … err, Steps .....................................
    [Show full text]
  • Secure Coding Practices in Java: Challenges and Vulnerabilities
    Secure Coding Practices in Java: Challenges and Vulnerabilities Na Meng Stefan Nagy Daphne Yao Wenjie Zhuang Gustavo Arango Argoty Virginia Tech Blacksburg, Virginia 24060 {nm8247,snagy2,danfeng,kaito,gustavo1}@vt.edu ABSTRACT 1 INTRODUCTION Java platform and third-party libraries provide functionalities to fa- Java platform and third-party libraries or frameworks (e.g., Boun- cilitate secure coding. However, misusing these functionalities can cyCastle [6]) provide various features to enable secure coding. Mis- cost developers tremendous time and effort, or introduce security using these libraries and frameworks not only slows development vulnerabilities in software. Prior research focused on the misuse of time, but also leads to security vulnerabilities in the resulting soft- cryptography and SSL APIs, but did not explore the fundamental re- ware [14, 98, 99, 103]. search question: what are the biggest challenges and vulnerabilities Prior research mainly focused on cryptography and SSL API in secure coding practices? In this paper, we conducted a broader misuse causing security vulnerabilities [80, 82, 85, 88]. Specifically, empirical study on StackOverflow posts to understand developers’ Lazar et al. manually examined 269 published cryptographic vul- concerns on Java secure coding, their programming obstacles, and nerabilities in the CVE database, and observed 83% of them resulted the potential vulnerabilities in their code. from cryptography API misuse [88]. Nadi et al. further investigated We observed that developers have shifted their effort to the usage the obstacles introduced by Java cryptography APIs, developers’ of authentication and authorization features provided by Spring usage of the APIs, and desired tool support [94]. Fahl et al. [82] and Security—a third-party framework designed to secure enterprise Georgiev et al.
    [Show full text]
  • Spring Roo in Action by Ken Rimple, Srini Penchikala
    MANNING Ken Rimple Srini Penchikala FOREWORD BY BEN ALEX Spring Roo in Action by Ken Rimple, Srini Penchikala Chapter 10 Copyright 2012 Manning Publications brief contents PART 1STARTING SPRING APPS RAPIDLY WITH ROO...................1 1 ■ What is Spring Roo? 3 2 ■ Getting started with Roo 25 PART 2DATABASES AND ENTITIES ........................................... 55 3 ■ Database persistence with entities 57 4 ■ Relationships, JPA, and advanced persistence 93 PART 3WEB DEVELOPMENT...................................................125 5 ■ Rapid web applications with Roo 127 6 ■ Advanced web applications 156 7 ■ RIA and other web frameworks 173 8 ■ Configuring security 189 PART 4INTEGRATION ...........................................................209 9 ■ Testing your application 211 10 ■ Enterprise services—email and messaging 243 11 ■ Roo add-ons 266 12 ■ Advanced add-ons and deployment 296 vii viii BRIEF CONTENTS PART 5 ROO IN THE CLOUD...................................................321 13 ■ Cloud computing 323 14 ■ Workflow applications using Spring Integration 337 Enterprise services— email and messaging This chapter covers Roo support for enterprise services Asynchronous messaging using a JMS topic Email service Asynchronous messaging using a JMS queue Monitoring messaging activity In the previous two chapters, you secured your Roo application by adding the Spring Security API to the application architecture mix, and you learned how to enrich the web tier of the Roo application so it’s functional from a business stand­ point. In addition to robust security features and a rich user interface, a real-world application also requires services such as customer email notification and offline data processing that occurs outside of your main business operations, where your customers receive notifications about results at a later time. In this chapter, we discuss the integration that the Roo framework provides for email and asynchronous messaging using the Java Message Service (JMS) API.
    [Show full text]
  • Spring Security Reference
    Spring Security Reference 4.2.6.RELEASE Ben Alex , Luke Taylor , Rob Winch , Gunnar Hillert Copyright © 2004-2015 Copies of this document may be made for your own use and for distribution to others, provided that you do not charge any fee for such copies and further provided that each copy contains this Copyright Notice, whether distributed in print or electronically. Spring Security Reference Table of Contents .............................................................................................................................................. xvii I. Preface ................................................................................................................................... 1 1. Getting Started ............................................................................................................... 3 2. Introduction .................................................................................................................... 4 2.1. What is Spring Security? ..................................................................................... 4 2.2. History ................................................................................................................ 6 2.3. Release Numbering ............................................................................................. 6 2.4. Getting Spring Security ........................................................................................ 7 Usage with Maven ............................................................................................
    [Show full text]
  • CELEBRATING JAVA@25 the Everlasting Age of “Write Once, Run
    The Everlasting Age of “Write Once, Run Anywhere” CELEBRATING JAVA@25 Your App Ecosystem | Driven by Java | Accelerated with Low-Code Copyright © 2020, WaveMaker, Inc. This document is not for public distribution. All rights reserved. Abstract It takes a second to sow a seed, years to create a forest, and decades to build an ecosystem. Witnessing the Java community grow everyday is a fascinating experience in itself. Many of us have lived through the launch and wide-spread adoptionof Java and we continue to witness its evolution. 25 years ago, James Gosling and others at Sun Microsystems launched the Java programming language in 1995. The driving force behind creating Java was to build an architecture-neutral, platform-independent language for software embedded in electronic devices. Since then it has evolved into an ecosystem, from the Java Virtual Machine (JVM) to Jakarta EE (Java EE). To keep up with enterprise demands, the new focus of the Java ecosystem is on cloud computing with the aim of providing complete control and flexibility to accelerate application development in the cloud. Enriched layer upon layer, Java as a language has evolved over the decades and has created a special connection with many professional developers. In this eBook, find out how Java is shaping the present and future technology, how it has evolved, the applications of Java and why it is popular, and how it forms the backbone of modern applications and is used to meet the modern enterprise demands. Copyright © 2020, WaveMaker, Inc. This document is not for public distribution. All rights reserved. Table of Contents Introduction 1 How Java is shaping present and future technology Java is still young @25 2 The Evolution Over the Decades 3 Applications of Java and Why it is Popular 4 Combine the Old with New Technology Meet the Demands of the Modern Enterprise 5 The Future of Java and How it is Evolving Copyright © 2020, WaveMaker, Inc.
    [Show full text]