Refer to this definitive and authoritative book to understand the Jakarta EE Security Spec, with Jakarta Authentication & Authorization as its underlying official foundation. Jakarta EE Security implementations are discussed, such as Soteria and Open Liberty, along with the build-in modules and Jakarta EE Security third-party modules, such as Payara Yubikey & OIDC, and OmniFaces JWT-Auth. The book discusses Jakarta EE Security in relation to SE underpinnings and provides a detailed explanation of how client-cert authentication over HTTPS takes place, how certifications work, and how LDAP-like names are mapped to caller/user names. General (web) security best practices are presented, such as not storing passwords in plaintext, using HTTPS, sanitizing inputs to DB queries, encoding output, and explanations of various (web) attacks and common vulnerabilities are included. Practical examples of securing applications discuss common needs such as letting users explicitly log in, sign up, verify email safely, explicitly log in to access protected pages, and go direct to the log in page. Common issues are covered such as abandoning an authentication dialog halfway and later accessing protected pages again. What You Will Learn Know what Jakarta/Java EE security includes and how to get started learning and using this technology for today's and tomorrow's enterprise Java applications Secure applications: traditional server-side web apps built with JSF (Faces) as well as applications based on client-side frameworks (such as Angular) and JAX-RS Work with the daunting number of security APIs in Jakarta EE Understand how EE security evolved Who This Book Is For Java developers using Jakarta EE and writing applications that need to be secured (every application). Basic knowledge of Servlets and CDI is assumed. Library writers and component providers who wish to provide additional authentication mechanisms for Jakarta EE also will find the book useful.

Learn and master the new features in the new Eclipse Jakarta Faces (formerly JavaServer Faces or JSF) web framework in this definitive guide written by two of the driving forces of the Faces project and the co-creators of the OmniFaces library. Authors Bauke Scholtz and Arjan Tijms take you through real-world examples that demonstrate how these new features are used with other APIs in Jakarta EE. You'll see the new and exciting ways Jakarta Faces applications can use to communicate between a client and a server, such as using WebSockets, invoking bean methods directly from Ajax, executing client-side JavaScript when Ajax calls complete, and more Along the way you'll broaden your knowledge of Faces components and web APIs best practices, and learn a great deal about the internals of Faces and the design decisions that have been made when building the Faces API. For example, you'll see what artefacts are now CDI injectable, how CDI changed Faces internally, and what some of the caveats are when working with the CDI versions of a Faces artefact. Furthermore, you'll build an example application from scratch. After reading The Definitive Guide to Jakarta Faces in Jakarta EE 10, you'll be ready to build your own efficient and secure web applications. What You Will Learn Leverage the new features in Jakarta Faces in Jakarta EE in your existing applications Integrate Faces and CDI Use the brand new Component Search Expression framework, which enables you to more easily locate components from your template Extend the Component Search Expression framework with your own search operators Work with the different ways of mapping requests to Faces, make your application use extension-less URLs, and programmatically inspect which resources are present in your application Master the best practices for web application development and see which are obsolete Who This Book Is For Existing JSF or Java developers who need to create a web UI. No prior knowledge of Faces is required, but the book does skew towards the more experienced developer. Concepts such as dependency injection and MVC are assumed to be known, as is a general knowledge about HTML, HTTP and other web standards.

In Pro CDI 2 in Java EE 8, use CDI and the CDI 2.0 to automatically manage the life cycle of your enterprise Java, Java EE, or Jakarta EE application's beans using predefined scopes and define custom life cycles using scopes. In this book, you will see how you can implement dynamic and asynchronous communication between separate beans in your application with CDI events. The authors explain how to add new capabilities to the CDI platform by implementing these capabilities as extensions. They show you how to use CDI in a Java SE environment with the new CDI initialization and configuration API, and how to dynamically modify the configuration of beans at application startup by using dynamic bean building. This book is compatible with the new open source Eclipse Jakarta EE platform and tools. What You Will Learn Use qualifier annotations to inject specific bean implementations Programmatically retrieve bean instances from the CDI container in both Java SE and Java EE when injecting them into an object isn't possible Dynamically replace beans using the @Alternative annotation to, for example, replace a bean with a mock version for testing Work with annotation literals to get instances of annotations to use with the CDI API Discover how scopes and events interact Who This Book Is For Those who have some experience with CDI, but may not have experience with some of the more advanced features in CDI.