J2EE developers have an extraordinary array of powerful options for securing their Web services, Web applications, EJB components and RMI objects. Now, expert Java architect Pankaj Kumar helps developers make sense of Java's increasingly rich security APIs, tools, patterns, and best practices-showing how to use each of them in the right place, at the right time, and in the right way.

Kumar covers every significant J2SE and J2EE security mechanism, presenting practical implementation techniques for the entire J2EE project lifecycle: analysis, design, development, deployment and operations. The book's example-rich coverage includes:

• Implementing cryptography with the JCA (Java Cryptography Architecture) and JCE (Java Cryptography Extension) security APIs

• Building PKI systems with Java: implementing X.509 certificates, Certification Authorities, Certificate Revocation Lists, and repositories

• Java security managers, policy files, and JAAS: implementing access control based on code origin, code signer and user credentials

• Securing the wire: Using SSL and the JSSE API to secure data exchange over unprotected networks

• Ensuring XML message integrity, authentication, and confidentiality with the standards: XML Signature & XML Encryption using the VeriSign TSIK, and Infomosaic SecureXML libraries

• Addressing security issues in RMI-based distributed applications

• Developing and deploying servlets and EJBs for authenticated and secure access

• Securing Web services with transport- and message-based security: SSL for transport-based and WS Security for message-based security

• Covering security aspects of best-of-breed products: Apache Tomcat, Apache Axis, and BEA WebLogic Server.

Amazon.com® Reader Reviews (Ranked by Helpfulness)

Average Amazon.com® Rating:  Based on 21 Ratings

A little bit of everything - 2004-04-30
Reviewer Rating:
The title is, definitely, misleading: it does not cover the subject of J2EE security. One cannot build a secure application with this book! There are lots of great books on the Standard Edition security, and there is no need to go over it again, particularly when J2EE presents so many new issues and problems one needs to take care in order to build a commercial application. Otherwise the book is easy to read and understand.

Book needs a revision. - 2006-01-26
Reviewer Rating:
This book is similiar to sun java security tutorial with little additions specific to weblogic 7.0 and apache axis 1.0. The code examples don't run on j2ee 1.4 platform. The book also needs a new edition with revised examples to include newer security mechanisms with j2se 1.5. Except for chapter 1 - A Security primer, all other chapters are technically obsolete.

If you wish to pick a good alternative book, choose Core Security Patterns by Chris Steel et all - that is the best book I have seen for Java security.

Excellent primer on security! - 2004-01-08
Reviewer Rating:
This book is an excellent compilation of security concepts explained in simple terms and with lots of well illustrative example code. Kumar has even provided benchmarking code to help developer choose appropriate technology for their own applications. Great book to have for security developers and students!

Excellent and comprehensive book on J2EE security - 2004-03-22
Reviewer Rating:
This is one the best books that I have ever read. The writing is very lucid and the author explains concepts in very clear and easy to understand manner. The utility tools are very, very useful. I have have been using them on a regular basis. The book also has good code snippets, diagrams and screen shots where necessary. But no space filling techniques ever.

The coverage of topics is very good. Security, cannot have one sided view. The author did a good job of pulling together all aspects of securing a Java application (from code access security and class loading to cryptography to securing components to securing webservices) - he covers the whole gamut without getting lost.

Ever since I bought this book, I have been carrying to work everyday. I buy LOT OF computer books, but rarely do I fall in love so much with them. I would put it on the same level as UML Distilled, J2EE Patterns and Bruce Eckel's Java. If you are doing Java Security, this is the one and only book you will ever read. To me, it has been inevitable.

I sincerely thank the author and the publishers for not making this another 1200+ page book. This is about 400+ pages and doesn't put you off with its weight!

Its greatest strength is also its greatest weakness - 2005-10-01
Reviewer Rating:
Pankaj Kumar definitely deserves an "A for effort". As in other material of his I've read he makes security concepts accessible and easy to understand.

Kumar created an impressive array of tools and example code which are available at a URL provided in the preface. The problem is that when you consult his book hoping to find Java code to accomplish a specific task you often find instead a description of how to use his JSTK (Java Security Tool Kit) to accomplish the task. For some readers this may be okay but for anyone who wants to learn how to write their own Java code it just adds an awkward extra layer of indirection.

Aside from that significant concern I would definitely recommend this book for software developers seeking to learn more about J2EE security.

Browse Similar Topics

Top Level Categories:
Internet/Online

Sub-Categories:
Internet/Online > Web Services