Posts tagged Security

Client Certificate Authentication Improvements in Payara Server July and September 2021 Releases

SSL certificates are used for several features within Payara Server. You can configure a custom certificate for the TLS-based connections that Payara Server serves when you use a custom domain name. Those certificates can also be used for authentication, to identify the caller, mainly in machine-to-machine communication.

With the July and September 2021 Payara Server releases, we have implemented two new features to improve the usage of these custom SSL certificates.

6 Vital Steps to Enhancing IoT Security

You may have heard the term ‘Internet of Things’ or IoT, referred to with increasing frequency in technology and business circles. It is cited more and more frequently as key in the future of computing, the workplace, consumer technology, travel and more.

But what do we mean when we say Internet of Things – and what implications does it have when it comes to security?

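Securing Payara Server with Custom SSL Certificates

One of the most common Payara Server administration tasks, as with any other web server, is setting up digital certificates to secure the HTTP protocol and remote access to Payara Server. You will have either a self-signed certificate or a certificate signed by a trusted certificate authority, and in either case it is very easy to add the certificate to a Payara Server domain and use it for secure communication.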

How to Use OpenIdConnect with Payara Platform to Achieve Single Sign-on

When a user needs to access multiple applications in your environment, you should not require authentication for each application. If the user has already been authenticated for one of the applications, he or she should not be asked for credentials when accessing one of the other applications during the same browser session. This concept is called Single Sign-on, where the authentication credentials are 'shared' in the environment and can be used by any application in that environment.

How to Use Single Sign-on with Payara Server Realms

When a user needs to access multiple applications in your environment, you should not require authentication for each application. If the user has already been authenticated for one of the applications, he or she should not be asked for credentials when accessing one of the other applications during the same browser session. This concept is called Single Sign-on, where the authentication credentials are 'shared' in the environment and can be used by any application in that environment.

How to Develop Applications with Minimal Security Risks

When we develop software, we don't expect to be hacked or compromised. We build great new software for the needs of our clients. The people who use our software expect that our systems are safe and that data will not be compromised. To ensure that safety, we need to take responsibility and develop our applications in such a way that we can meet these expectations, since the possibility that our application is hacked or compromised is real. In the guide below, we discuss 7 pointers that can help you develop applications with minimal security risk.

Securing Your Applications Running on Payara Platform (JAX-RS Endpoints)

Securing your application is a very important aspect of the development of your application. You not only need to make sure that the application has the intended functionality but also that this functionality can only be executed by the appropriate people. You not only need to make sure that updates to data are restricted to the correct people, but it is also important that end users only see data they are allowed to see. And in case of sensitive data, this is even more important.

Authentication and Authorization Stores in Payara Platform

Securing your application is a very important aspect of development. You not only need to make sure that the application has the intended functionality but also that this functionality can only be executed by the appropriate people. It is critical to ensure that updates to data are restricted to the correct people, and that end users only see data they are allowed to see. And in case of sensitive data, this is even more important.