6 results for collection, Security...
Our app throws all sorts of exceptions. Well, it doesn't usually. It shouldn't normally. Er... But, when it does we want to put in some handling so that the app doesn't blow up in some unsuspecting user's face. And even then, sometimes we want special handling for certain exceptions and make sure others are just caught. And that's what we'll do with AccessDeniedException.
Spring Security (previously Acegi) gives you an awesome AOP way of locking down methods in your Java application. And well-placed lock down is a special power indeed. However, Spring disappoints a bit on this score because it turns out its default behavior is to 'or' the roles listed in the @Secured annotation. You'd think the default would be the stricter 'and', but alas. But never fear, there is hope.
Around the office, when someone security-minded finds out that I instant message (IM) over Pidgin (using Google Talk's service), there tends to be wailing and gnashing of teeth, because I am chatting in clear text over the wire. I am encouraged to use a clunky, Windows-only, proprietary, corporate, different tool that is for internal talk with internal people. "It's secure." "It's encrypted," they say. I never thought I said too much of worth over chat, and what was occasionally awesome was well-encoded in l33t. But, now my friend Dean teaches me the goodness of encrypting your IMs ...
Recently, I've been working on a project where I've tried to use AES encryption for the first time. I didn't have to implement it myself, thank goodness, but I still ran into a few snags. Perhaps you can avoid my pitfalls and rise to new greatness on the peaks of glory and fortitude! This article title sounds like a laundry detergent.
By default, Java has a limit on the length of your encryption key. The limit, by default 128-bit, seems a little small and dated. So, let's break through that glass ceiling! With the hammer of Thor!
Sometimes you need to install a security certificate for authentication to work for certain services -- services that are accessed by your Java application that require a secure connection. For instance, needing to authenticate against an LDAP server from one of our apps, we had to run a little InstallCert.java on all JDKs used to run the app.