1. javax.crypto
    • Don't bother creating your own "security encryption", just use one of the built in cryptography APIs such as javax.crypto.Cipher.
    • Explore all reviews
  2. org.drools
    • My preference is to stick with Java (or maybe Scala or Groovy) since I'm using tools like Drools for rules and Shiro for security.
    • Explore all reviews
  3. com.googlecode.json-simple
  4. org.hibernate
    • If you're planning on doing Java processing on the data, or you want to use a persistence framework like Hibernate, you'll need "Full Data Binding".
    • Explore all reviews
  5. javax.script
  6. com.extjs
    • I like to know which of these are best and more efficient in performance perspective and security.
    • Explore all reviews
  7. org.jboss.resteasy
  8. org.scribe
    • Authentication is via Oauth - I recommend using URL_https://github.com/fernandezpablo85/scribe-java [Scribe] .
    • Explore all reviews
  9. commons-jexl
    • But in my case, I want my expression evaluation to run in a secure sandbox.
    • 3) If the only solution is to write my own expression evaluator, then where can I find some guidance on how to write a consistent security model?
    • Explore all reviews
  10. org.springframework
    • I like to know which of these are best and more efficient in performance perspective and security.
    • I have something for ajax login through spring security: CODESNIPPET_JAVA1 .
    • If you're using a framework like Spring Security you can control that some URL like .json can only be reached by some users (for instance the administrator, if they're only used in the admin pages).
    • Explore all reviews
  11. org.glassfish.webservices
    • WebServices and their security), so any newbie-tweaks to my question are very welcome._ .
    • Explore all reviews
  12. org.glassfish.main.core
    • What security spec is being adhered to?
    • WebServices and their security), so any newbie-tweaks to my question are very welcome._ .
    • Explore all reviews
  13. jetty
    • @LarryHector No that's not it, it worked perfectly without authentication on a plain Jetty.
    • Explore all reviews
  14. org.glassfish.jersey
    • The service uses cookie based authentication - that part works and I have other service calls working with the cookie.
    • Explore all reviews
  15. org.mvel
    • But in my case, I want my expression evaluation to run in a secure sandbox.
    • 3) If the only solution is to write my own expression evaluator, then where can I find some guidance on how to write a consistent security model?
    • Explore all reviews
  16. org.json
    • Note: I have observed that this can "re-organize" the key value pairs order.
    • Explore all reviews
  17. alfresco
    • Everything else works fine (pngs, text, html, GET requests,even authentication).
    • Explore all reviews
  18. org.springframework.security
    • I have something for ajax login through spring security: CODESNIPPET_JAVA1 .
    • If you're using a framework like Spring Security you can control that some URL like .json can only be reached by some users (for instance the administrator, if they're only used in the admin pages).
    • Explore all reviews
  19. shiro
    • My preference is to stick with Java (or maybe Scala or Groovy) since I'm using tools like Drools for rules and Shiro for security.
    • Explore all reviews
  20. commons-httpclient
    • I know that HttpClient lets you do Basic and Digest authentication out of the box, supports SSL and can do OAuth with some help.
    • Authentication error: Unable to respond to any of these challenges: {} Android - 401 Unauthorized I have taken reference from this link URL_http://stackoverflow.com/questions/6114455/authentication-error-when- using-httppost-with-defaulthttpclient-on-android [Authentication-Error-when- using-HttpPost-with-DefaultHttpClient-on-Android] I am working on android app in that backed in Drupal.
    • This is more secure but much more complex.
    • See URL_http://hc.apache.org/httpclient-3.x/authentication.html#NTLM [ URL_http://hc.apache.org/httpclient-3.x/authentication.html NTLM] (Note also that the web container has the 'smarts' to be able to try different authentication methods as requested by the server, all behind the scenes) Also check the Drupal web logs.
    • Check that the authentication sent by the client pre-emptively is the correct type (basic, digest, NTLM) Let me know if this helps.
    • See URL_http://hc.apache.org/httpclient-3.x/authentication.html#NTLM [ URL_http://hc.apache.org/httpclient-3.x/authentication.html NTLM] (Note also that the web container has the 'smarts' to be able to try different authentication methods as requested by the server, all behind the scenes) Also check the Drupal web logs.
    • Explore all reviews
  21. net.sf.json-lib
    • Regarding security, I think your best option here would be to support SSL for the connections.
    • Otherwise you could just make things harder for eavesdroppers by simply using JS-based encryption, but that won't protect you too much.
    • Explore all reviews
  22. com.fasterxml.jackson
    • and through the REST API you can get the username without the password (thanks to the JsonIgnore) .
    • but is same possible with encrypted data also as it contains many illegal characters?
    • You may want to implement CODETERM3 and CODETERM4 as well.
    • For Jackson to serialize that class, the SomeString field need to either be public (right now it's package level isolation) or you need to define a getter and setter for it.
    • Regarding security, I think your best option here would be to support SSL for the connections.
    • Otherwise you could just make things harder for eavesdroppers by simply using JS-based encryption, but that won't protect you too much.
    • Explore all reviews
  23. json-p
    • and of course security police.
    • But due to cross- domain security woes we need to convert it to JSONP, can someone suggest what I need to modify for this conversion?
    • Explore all reviews
  24. com.google.code.gson
    • Specifically, in this case, it's because my web front end can be used to update the password and send it to the Java side,, but I never want to send the password back to the front end (for obvious security reasons).
    • Note that serialization of class names and deserialization (from user input) using Class.forName can present security implications in some situations, and is thus discouraged by the Gson dev team.
    • Regarding security, I think your best option here would be to support SSL for the connections.
    • Im not sure, I'd have to look at the library, but i am guessing there wouldn't be much of a problem - dont think there is much that the security manager would complain about on that.
    • Simple CODETERM2 did the job perfectly, however my applet failed to start giving exceptions that Gson library has somewhat like security problems.
    • Otherwise you could just make things harder for eavesdroppers by simply using JS-based encryption, but that won't protect you too much.
    • Explore all reviews
  1. com.google.code.gson
    • Specifically, in this case, it's because my web front end can be used to update the password and send it to the Java side,, but I never want to send the password back to the front end (for obvious security reasons).
    • Note that serialization of class names and deserialization (from user input) using Class.forName can present security implications in some situations, and is thus discouraged by the Gson dev team.
    • Regarding security, I think your best option here would be to support SSL for the connections.
    • Im not sure, I'd have to look at the library, but i am guessing there wouldn't be much of a problem - dont think there is much that the security manager would complain about on that.
    • Simple CODETERM2 did the job perfectly, however my applet failed to start giving exceptions that Gson library has somewhat like security problems.
    • Otherwise you could just make things harder for eavesdroppers by simply using JS-based encryption, but that won't protect you too much.
    • Explore all reviews
  2. json-p
    • and of course security police.
    • But due to cross- domain security woes we need to convert it to JSONP, can someone suggest what I need to modify for this conversion?
    • Explore all reviews
  3. net.sf.json-lib
    • Regarding security, I think your best option here would be to support SSL for the connections.
    • Otherwise you could just make things harder for eavesdroppers by simply using JS-based encryption, but that won't protect you too much.
    • Explore all reviews
  4. com.fasterxml.jackson
    • and through the REST API you can get the username without the password (thanks to the JsonIgnore) .
    • but is same possible with encrypted data also as it contains many illegal characters?
    • You may want to implement CODETERM3 and CODETERM4 as well.
    • For Jackson to serialize that class, the SomeString field need to either be public (right now it's package level isolation) or you need to define a getter and setter for it.
    • Regarding security, I think your best option here would be to support SSL for the connections.
    • Otherwise you could just make things harder for eavesdroppers by simply using JS-based encryption, but that won't protect you too much.
    • Explore all reviews
  5. commons-httpclient
    • I know that HttpClient lets you do Basic and Digest authentication out of the box, supports SSL and can do OAuth with some help.
    • Authentication error: Unable to respond to any of these challenges: {} Android - 401 Unauthorized I have taken reference from this link URL_http://stackoverflow.com/questions/6114455/authentication-error-when- using-httppost-with-defaulthttpclient-on-android [Authentication-Error-when- using-HttpPost-with-DefaultHttpClient-on-Android] I am working on android app in that backed in Drupal.
    • This is more secure but much more complex.
    • See URL_http://hc.apache.org/httpclient-3.x/authentication.html#NTLM [ URL_http://hc.apache.org/httpclient-3.x/authentication.html NTLM] (Note also that the web container has the 'smarts' to be able to try different authentication methods as requested by the server, all behind the scenes) Also check the Drupal web logs.
    • Check that the authentication sent by the client pre-emptively is the correct type (basic, digest, NTLM) Let me know if this helps.
    • See URL_http://hc.apache.org/httpclient-3.x/authentication.html#NTLM [ URL_http://hc.apache.org/httpclient-3.x/authentication.html NTLM] (Note also that the web container has the 'smarts' to be able to try different authentication methods as requested by the server, all behind the scenes) Also check the Drupal web logs.
    • Explore all reviews
  6. org.glassfish.webservices
    • WebServices and their security), so any newbie-tweaks to my question are very welcome._ .
    • Explore all reviews
  7. org.glassfish.main.core
    • What security spec is being adhered to?
    • WebServices and their security), so any newbie-tweaks to my question are very welcome._ .
    • Explore all reviews
  8. jetty
    • @LarryHector No that's not it, it worked perfectly without authentication on a plain Jetty.
    • Explore all reviews
  9. org.glassfish.jersey
    • The service uses cookie based authentication - that part works and I have other service calls working with the cookie.
    • Explore all reviews
  10. org.mvel
    • But in my case, I want my expression evaluation to run in a secure sandbox.
    • 3) If the only solution is to write my own expression evaluator, then where can I find some guidance on how to write a consistent security model?
    • Explore all reviews
  11. javax.crypto
    • Don't bother creating your own "security encryption", just use one of the built in cryptography APIs such as javax.crypto.Cipher.
    • Explore all reviews
  12. alfresco
    • Everything else works fine (pngs, text, html, GET requests,even authentication).
    • Explore all reviews
  13. org.springframework.security
    • I have something for ajax login through spring security: CODESNIPPET_JAVA1 .
    • If you're using a framework like Spring Security you can control that some URL like .json can only be reached by some users (for instance the administrator, if they're only used in the admin pages).
    • Explore all reviews
  14. shiro
    • My preference is to stick with Java (or maybe Scala or Groovy) since I'm using tools like Drools for rules and Shiro for security.
    • Explore all reviews
  15. com.googlecode.json-simple
  16. org.hibernate
    • If you're planning on doing Java processing on the data, or you want to use a persistence framework like Hibernate, you'll need "Full Data Binding".
    • Explore all reviews
  17. javax.script
  18. com.extjs
    • I like to know which of these are best and more efficient in performance perspective and security.
    • Explore all reviews
  19. org.jboss.resteasy
  20. org.json
    • Note: I have observed that this can "re-organize" the key value pairs order.
    • Explore all reviews
  21. org.drools
    • My preference is to stick with Java (or maybe Scala or Groovy) since I'm using tools like Drools for rules and Shiro for security.
    • Explore all reviews
  22. org.scribe
    • Authentication is via Oauth - I recommend using URL_https://github.com/fernandezpablo85/scribe-java [Scribe] .
    • Explore all reviews
  23. commons-jexl
    • But in my case, I want my expression evaluation to run in a secure sandbox.
    • 3) If the only solution is to write my own expression evaluator, then where can I find some guidance on how to write a consistent security model?
    • Explore all reviews
  24. org.springframework
    • I like to know which of these are best and more efficient in performance perspective and security.
    • I have something for ajax login through spring security: CODESNIPPET_JAVA1 .
    • If you're using a framework like Spring Security you can control that some URL like .json can only be reached by some users (for instance the administrator, if they're only used in the admin pages).
    • Explore all reviews