ABSTRACT

Access control is one of the basic constituents of a strong information security practice: it ensures that only authenticated and authorized individuals can gain access to sensitive information. This chapter examines access control and its elements, authentication and authorization, in depth. It explains the concepts of access control in detail and describes the various access control models. The chapter then focuses on access control best practices for Web applications and gives an overview of the security compliance requirements related to access control. Finally, it covers in depth the development of a strong access control system with the new Java EE.