Fred Stluka on 27 Feb 2008 06:03:35 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Review by Fred Stluka of "J2EE Security for Servlets, EJBs, and Web Services"...

Here's my review of the book I got at the PLUG West meeting Mon

"J2EE Security for Servlets, EJBs, and Web Services"
by Pankaj Kumar

This is a comprehensive book covering all areas of Java security
from simple Java apps, to applets, servlets, EJBs and Web services.
Aside from the basic Java Authentication and Authorization Service
(JAAS), it covers public key encryption (PKI), security across the
wire (SSL, HTTPS, etc.), security of messages (XML Signature, XML
Encryption, etc.), securing remote method calls (RMI), HTTP
authentication schemes (basic, digest, etc.), digital certificates,
container-based declarative security vs. programmatic security,
JNDI Authentication, Web Service Security (WS-Security), etc.

It also covers common vulnerabilities (injection, cross-site
scripting, etc.) as a motivation for writing secure code.

For each topic, it gives an overview of the security considerations,
explains the theory behind the security mechanisms, and dives into
detailed code examples of how to use the available security libraries
and other features. It is clear, concise, concrete, and easy to read.

Along the way, it covers lots of topics that are not directly
security related, but are necessary for the user to be able to
try things out. For example, how to download, install and configure
Apache Tomcat, BEA WebLogic, Apache Axis, and other servers.

Also, the author has written several useful security tools and
utilities, which are freely downloadable. They are described and
used throughout the book to analyze and update security settings.
Appendix C contains complete documentation for the tools, along
with instructions to download and install them, examples of how
to use them, etc.

Definitely a book worth having!

Fred Stluka -- --
Bristle Software, Inc -- -- Glad to be of service!

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --