
Back to Core Security Patterns: Best Practices and Strategies for J2EE(TM), Web Services, and Identity Management (Sun Core Series) product information



Spotlight customer reviews:

Customer Rating: Average rating of 4/5
Summary: Java security made easy. Excellent title worth investing in.
Comment: If you ever want to understand about security and its role in the development of J2EE enterprise-level applications, then you should consider buying this book from your local bookstore.

The authors have done an excellent job in explaining the basics of security as it applies to the most common business practices, as well as deliver intricate details on the inner workings of the Java platform security architecture. Even though this book covers in its majority Java technologies, you don't have to be a Java developer or architect to appreciate it.

The book is divided into 7 major parts:

Part 1: Introduction and Basics of Security

Part 2: Java Security Architecture and Technologies

Part 3: Web Services Security and Identity Management

Part 4: Security Design Methodology, Patterns, and Reality Checks

Part 5: Design Strategies and Best Practices

Part 6: Putting it all together

Part 7: Personal Identification using Smart Cards and Biometrics



Parts 1-5 provide reams of detail about the fundamentals of security, the J2EE security architecture, and the technologies used to enable Web services security. In addition, there is a comprehensive explanation of patterns and practices for J2EE developers, as well as design strategies and best practices for securing J2EE Web components and web-based applications.

Web developers might want to pay special attention to Part 3 of the book because it gives an insight on fortifying Web services, authenticating and authorizing end users, and applying the latest cryptographic techniques. XML is described in detail as the encoding for messages between parties using a Web Service.

Note that this book does not explain the specific Java APIs needed for basic J2EE application development. Twenty-three proven security architectural patterns are discussed and presented through several realistic scenarios, covering architecture and implementation and presenting detailed sample code.

Part 6 of the book describes how to use this newly acquired knowledge in the implementation of real-world security scenarios.

Finally, we found the last part of this book the most intriguing. It provides in-depth coverage of Personal Identification using Smart Cards and Biometrics, their role in physical and logical access control, and the different technologies used in their implementation. Best practices and common pitfalls that might arise when implementing security using smart cards and biometrics are also discussed.

Overall we believe this is an excellent book for the security enthusiast who wants to build robust end-to-end security into J2EE enterprise applications.

Customer Rating: Average rating of 5/5
Summary: Excellent book for Java Security architects
Comment: Like any Sun core book, this "reference" manual is a cut above the rest. Personally I use it more as a reference manual helping me to understand and design security requirements for a project.

Customer Rating: Average rating of 5/5
Summary: The reference book of Java security
Comment: A fantastic book that each Java developer should have. Today, security is becoming a real requirement of each Java-based enterprise application, and this book, in my opinion, represents the best reference. It is a very exhaustive and complete book for both beginner and advanced levels.

Customer Rating: Average rating of 3/5
Summary: I don't think this is an awesome book
Comment: I am amazed by the 5 star ratings everybody has given this book! And I have implemented several enterprise level security implementations/integrations supporting hundreds of thousands of users.

In my opinion, this book is really feeding the buzzwords frenzy of security domain. It certainly "talks the talk", but can it "walk the talk"?

I can think of numerous glaring examples where the book falls short. To name a few:
- Smart Cards (lots of power point and management level sales fluff here)
- JAAS (I have seen it being described much better in fewer words)
- SAML (huh?)

I think the book does a below average job of providing practical information. Even the content does not flow very smoothly and coherently.



Customer Rating: Average rating of 5/5
Summary: Solid Book for Security for Java EE, Web Services and Identity Management
Comment: If ever you wanted one reference book for security and identity management, this book will get you there. A solid book that is good on theory and examples.

The book starts out with a discussion of why security and identity management are important, various government regulations manning ID and basics of security. After this, an introduction into the J2SE security model is provided that includes the sandbox, security tools like keytool, policytool and J2ME/Smart Cards etc.

The Java extensible security architecture is described in considerable detail. This is where information on JCA/JCE, JAAS, JGSS, SASL and JSSE is valuable. I particularly liked the treatment on JCA, JGSS and SASL.

The chapter on J2EE Security Architecture is very concise and can be improved.

The chapter on web services security is decent and the section on Java based wss providers can be removed (as it will change). The treatment of XACML is quite good.

The chapter on Identity Management Standards is quite good except that the treatment on Liberty Alliance should be reduced in favor of SAML 2.0 (which encompasses Liberty). I guess at the time of writing, SAML 2.0 was not public or the author had experience in Liberty (not surprised given some of the authors are Sun people).

The chapter on the patterns itself is fine but not useful for me. I benefited a lot from the section on service provisioning that introduced me to SPML.

The last chapter is on smart cards and biometrics which is not relevant to me.

Suggestion to the authors: Treatment of subject is good but reduce focus on Sun software (excluding the JDK/JWSDP/Sunxacml).

Things that I benefited the most from the book:
- Types of SSO
- Crypto
- JGSS + SASL
- XACML 2.0
- SPML
- General IDM concepts

I do not regret holding this book. In fact, it is worth more than its cost.

Anil Saldhana
Chicago Java Users Group
