The table below will give you a feel for the key items in servlet security. Authorization is the most time-consuming to implement and Authentication is next. From the servlet perspective, Confidentiality and Data Integrity are pretty easy to set up.[12]
Security concept | Who’s responsible? | Complexity level | Effort level | Exam importance |
---|---|---|---|---|
Authentication | Admin | medium | high | medium |
Authorization | Deployer (mostly) | high | high | high |
Confidentiality | Deployer | low | low | low |
Data Integrity | Deployer | low | low | low |
We’re going to emphasize Authorization in this chapter because it’s the most important and complex of the vendor-neutral security concepts.
[12] Actually, obtaining and installing an SSL certificate is not trivial, so by “easy” we mean “you don’t really do anything in your servlet code.”
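To make the “Who’s responsible?” column concrete, here is a deployment descriptor that exercises all four concepts from the table. This is an added example, not a listing from the book: the URL pattern `/admin/*`, the role name `admin`, the realm name, and the login page paths are assumed values you would replace with your own. Everything security-related lives in web.xml; the servlet code itself contains no security logic, which is the point the footnote makes.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                             http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

  <!-- AUTHORIZATION (deployer): which roles may reach which resources.
       No <http-method> elements are listed on purpose: leaving them out
       constrains every HTTP method. Listing only GET and POST would leave
       HEAD, PUT, DELETE, etc. unprotected. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin area</web-resource-name>   <!-- assumed name -->
      <url-pattern>/admin/*</url-pattern>                 <!-- assumed path -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>                        <!-- assumed role -->
    </auth-constraint>

    <!-- CONFIDENTIALITY and DATA INTEGRITY (deployer): the container
         redirects plain HTTP requests for these URLs to HTTPS.
         CONFIDENTIAL implies INTEGRAL; INTEGRAL alone asks only for
         tamper-protection, but containers satisfy both with TLS. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Servlet 3.1: reject any HTTP method a constraint does not cover,
       instead of silently letting it through. -->
  <deny-uncovered-http-methods/>

  <!-- AUTHENTICATION (admin sets up the realm, deployer picks the method):
       the container challenges the user before applying the constraint. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>AppRealm</realm-name>                     <!-- assumed realm -->
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>       <!-- assumed page -->
      <form-error-page>/loginError.jsp</form-error-page>  <!-- assumed page -->
    </form-login-config>
  </login-config>

  <!-- Declares the role so the container can map it to real users/groups
       in the vendor-specific realm configuration. -->
  <security-role>
    <role-name>admin</role-name>
  </security-role>

</web-app>
```

Two checks worth making when you deploy this: first, confirm that a request to a constrained URL over plain HTTP is redirected to HTTPS rather than served (that is the user-data-constraint doing its job); second, send an unusual method such as `HEAD` or `DELETE` to `/admin/` as an unauthenticated client and confirm you get a 403, not a 200. The second check is the one people forget, because an `<http-method>` list that looks like a whitelist is actually a list of the only methods that are protected.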