Securing a Rich UI application

Implementing security is an integral part of web application development that you should consider carefully when you design a Rich UI application. In the rush to unveil new dynamic, interactive web applications, developers sometimes forgo adding security measures. Attackers know how to exploit the vulnerabilities of applications. All kinds of organizations have been victimized, with results ranging from simple embarrassment to the public distribution of sensitive data. The best approach to avoid such problems is to eliminate weaknesses before they can be exploited.

Typically, security is configured after a Rich UI application is deployed; however, the security design should be determined early and integrated with the design of the application. When you apply security early in the development cycle, the process can be easier and you can avoid problems that might be costly if found late in the cycle.

You should also evaluate for security issues any JSF applications that are rewritten into Rich UI applications. Even if the JSF application was not originally secure, the introduction of the EGL Rich UI Proxy in V7.5.1 presents security risks that must be mitigated. You might need to change the design of the application.

This section contains considerations that are specific to securing the resources that are related to Rich UI applications. It also provides a quick overview and examples of how to configure and use Java™ Enterprise Edition (JEE) authentication and Secure Sockets Layer (SSL). Security is not available when you preview a Rich UI application from the EGL Rich UI editor. Because security is a large and complex topic, also consult the online documentation of your application server and other security documentation.