Confidentiality and Integrity

Although you can use JEE security to secure Web resources from unauthenticated or unauthorized users, JEE security cannot prevent the data that flows between a client and server from being intercepted or read. To protect data in transit, you can use Secure Sockets Layer (SSL). SSL provides data integrity, meaning that messages between a client and server are not tampered with or modified, and confidentiality through encryption. SSL also includes server authentication, which allows a client to confirm the identity of a server, and client authentication, which allows a server to confirm the identity of a client.

It is important that you authenticate over SSL, whether you use JEE form-based, JEE basic, or custom authentication. For more information about SSL, see "Overview of SSL."

