Enterprise Java Security Frameworks, Authentication, and Threat Modeling
DOI: https://doi.org/10.15662/IJEETR.2022.0405003

Keywords: Enterprise Java applications, Security, Frameworks

Abstract

Enterprise Java applications form the backbone of many mission-critical systems in sectors such as healthcare, finance, and government. With increasing security threats targeting these applications, a comprehensive understanding of Java-based security frameworks and authentication mechanisms is essential. This paper presents an in-depth exploration of contemporary security frameworks in the Java ecosystem, such as Spring Security, Apache Shiro, and Jakarta Security. It also analyzes various authentication mechanisms, including Basic Auth, OAuth2, JWT, SAML, and mutual TLS (mTLS), and their suitability for enterprise deployment. Furthermore, the paper delves into threat modeling techniques such as STRIDE and OWASP Top 10 vulnerabilities relevant to Java applications. A case study of a Hospital Management System (HMS) demonstrates the practical application of layered security strategies using modern frameworks and secure coding practices. The paper concludes with a discussion on emerging challenges, such as API-level threats, and offers future research directions. The goal is to provide a holistic reference for developers, architects, and security analysts working on Java enterprise applications.