Fred Stluka on 27 Feb 2008 06:03:35 -0800


[PLUG] Review by Fred Stluka of "J2EE Security for Servlets, EJBs, and Web Services"...


Here's my review of the book I got at the PLUG West meeting Mon
2/18/2008:

"J2EE Security for Servlets, EJBs, and Web Services"
by Pankaj Kumar

This is a comprehensive book covering all areas of Java security,
from simple Java apps to applets, servlets, EJBs and Web services.
Aside from the basic Java Authentication and Authorization Service
(JAAS), it covers public key encryption (PKI), security across the
wire (SSL, HTTPS, etc.), security of messages (XML Signature, XML
Encryption, etc.), securing remote method calls (RMI), HTTP
authentication schemes (basic, digest, etc.), digital certificates,
container-based declarative security vs. programmatic security,
JNDI Authentication, Web Service Security (WS-Security), etc.

It also covers common vulnerabilities (injection, cross-site
scripting, etc.) as a motivation for writing secure code.

For each topic, it gives an overview of the security considerations,
explains the theory behind the security mechanisms, and dives into
detailed code examples of how to use the available security libraries
and other features. It is clear, concise, concrete, and easy to read.

Along the way, it covers lots of topics that are not directly
security-related, but are necessary for the user to be able to
try things out, for example how to download, install and configure
Apache Tomcat, BEA WebLogic, Apache Axis, and other servers.

Also, the author has written several useful security tools and
utilities, which are freely downloadable. They are described and
used throughout the book to analyze and update security settings.
Appendix C contains complete documentation for the tools, along
with instructions to download and install them, examples of how
to use them, etc.

Definitely a book worth having!

Thanks!
--Fred
---------------------------------------------------------------------
Fred Stluka -- mailto:fred@bristle.com -- http://bristle.com/~fred/
Bristle Software, Inc -- http://bristle.com -- Glad to be of service!
---------------------------------------------------------------------

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug