J2EE Security for Servlets, EJBs, and Web Services Paperback – September 14, 2003

ISBN-13: 007-6092022602 ISBN-10: 0131402641 Edition: 1st

Product Details

  • Paperback: 464 pages
  • Publisher: Prentice Hall; 1 edition (September 14, 2003)
  • Language: English
  • ISBN-10: 0131402641
  • ISBN-13: 978-0131402645
  • Product Dimensions: 1 x 6.8 x 9.1 inches
  • Shipping Weight: 1.6 pounds
  • Average Customer Review: 3.5 out of 5 stars (22 customer reviews)
  • Amazon Best Sellers Rank: #3,210,897 in Books

Editorial Reviews

From the Back Cover

J2EE developers have an extraordinary array of powerful options for securing their Web services, Web applications, EJB components and RMI objects. Now, expert Java architect Pankaj Kumar helps developers make sense of Java's increasingly rich security APIs, tools, patterns, and best practices, showing how to use each of them in the right place, at the right time, and in the right way.

Kumar covers every significant J2SE and J2EE security mechanism, presenting practical implementation techniques for the entire J2EE project lifecycle: analysis, design, development, deployment and operations. The book's example-rich coverage includes:

  • Implementing cryptography with the JCA (Java Cryptography Architecture) and JCE (Java Cryptography Extension) security APIs
  • Building PKI systems with Java: implementing X.509 certificates, Certification Authorities, Certificate Revocation Lists, and repositories
  • Java security managers, policy files, and JAAS: implementing access control based on code origin, code signer and user credentials
  • Securing the wire: Using SSL and the JSSE API to secure data exchange over unprotected networks
  • Ensuring XML message integrity, authentication, and confidentiality with the standards: XML Signature & XML Encryption using the VeriSign TSIK, and Infomosaic SecureXML libraries
  • Addressing security issues in RMI-based distributed applications
  • Developing and deploying servlets and EJBs for authenticated and secure access
  • Securing Web services with transport- and message-based security: SSL for transport-based and WS Security for message-based security
  • Covering security aspects of best-of-breed products: Apache Tomcat, Apache Axis, and BEA WebLogic Server.

About the Author

PANKAJ KUMAR is Software Architect at Hewlett-Packard's Web Services Management Organization and has worked extensively in the area of middleware and security. He has presented on Java and Web services technologies at events ranging from SD West and SD Forum to HP World.



Customer Reviews

3.5 out of 5 stars

Most Helpful Customer Reviews

11 of 11 people found the following review helpful By Prasad Reddy on December 29, 2003
Format: Paperback
I was quite disappointed in this book, which is both drawn-out and shallow in its coverage of J2EE and web services. With 425 pages (11 chapters), the book only talks about J2EE component security in 2 chapters (Chapters 9 and 10) and stops at a high level, spending pages on configuring Tomcat and WebLogic 7. The author comfortably skipped discussing content over complex issues and finally completely forgot about illustrating real-world security issues and measures.
Although the book covers some very basic aspects of Java security, ultimately it provides a dreary drawn-out overview of J2EE security which is better found on Google and elsewhere.
7 of 7 people found the following review helpful By Genka on April 30, 2004
Format: Paperback
The title is, definitely, misleading: it does not cover the subject of J2EE security. One cannot build a secure application with this book! There are lots of great books on the Standard Edition security, and there is no need to go over it again, particularly when J2EE presents so many new issues and problems one needs to take care of in order to build a commercial application. Otherwise the book is easy to read and understand.
6 of 6 people found the following review helpful By Paul Lopez on January 25, 2006
Format: Paperback
This book is similar to the Sun Java security tutorial with a few additions specific to WebLogic 7.0 and Apache Axis 1.0. The code examples don't run on the J2EE 1.4 platform. The book also needs a new edition with revised examples to include newer security mechanisms with J2SE 1.5. Except for chapter 1 - A Security primer, all other chapters are technically obsolete.

If you wish to pick a good alternative book, choose Core Security Patterns by Chris Steel et al. - that is the best book I have seen for Java security.
5 of 5 people found the following review helpful By A Customer on October 4, 2003
Format: Paperback
It was my struggle with keystore formats, certificates, cert-chains, private keys, CSRs, CRLs, Java system properties and other such stuff that prompted me to buy this book and I must say that I got more than what I paid for. The JSTK (JSTK stands for Java Security ToolKit, the software downloadable from the book's website -- you will have to get the book to get the URL, though) alone is worth the price of the book. With this, I could list all the CSPs installed and configured within my JRE, algorithms supported by them and can even issue signed certificates -- not to mention all the other cool things, such as signing and encrypting files, sending data over SSL and making performance observations etc., that I can experiment with without writing a single line of code.
The first few chapters appear to be introductory and could be a turn-off if your interest is only in pure J2EE stuff such as RMI, web apps, EJBs, Web services and EISs. However, as I went through the later chapters, it dawned upon me that I would never have followed these concepts and examples without the background stuff in the earlier chapters that talked about cryptographic APIs, SSL, policy based access control, XML-Encryption and XML-Signature. Perhaps this is the reason the author chose to leave out certain other security topics related but non-critical to J2EE: applets, byte code, Java web start, guarded objects and so on.
The emphasis on performance measurement is again something that appealed to me. A lot of times we decide not to incorporate security stuff because we are afraid of the runtime performance overhead. It certainly helps to know the amount of overhead and how to measure this within a given environment.
At the end, I am glad that I bought this book. It may not have everything I may need to know but it does have a lot of good stuff.
7 of 8 people found the following review helpful By Thomas Paul on October 9, 2003
Format: Paperback
Security is like spinach - it's good for you but not too many people like it. Most security books bore me to tears with page after page of description accompanying three lines of code. This book is different. This book is geared towards actual developers who are looking for not just explanations of security but useful examples showing how to make security work in their applications.
The first section of the book is an introduction to security in general and Java security in particular. The next section looks at the basic technologies and APIs used for encryption, authentication, and authorization. This section starts with a look into cryptography and covers JCA and JCE. It continues with coverage of digital certificates and then looks at controlling access to resources by using policy files. This section ends with a look at SSL and securing XML messages. The final section examines using these technologies in various J2EE applications such as RMI, Servlets, EJBs, and Web Services.
The explanations throughout the book are clear and easy to follow with plenty of code samples to demonstrate how to use the various APIs associated with security in Java programs. The best part of the book is the many code samples provided and the detailed descriptions accompanying these code samples. In addition, the author has provided a group of tools to assist with security development. Overall, this is one of the best J2EE security books on the market.
Note: In general, J2SE security is only covered when it involves J2EE issues but then this is "J2EE Security".
6 of 7 people found the following review helpful By W Boudville on October 29, 2003
Format: Paperback
If J2EE containers are to be used for commercial web applications, then a built-in means of securely encrypting and decrypting traffic is essential. Such a thing should be independent of any specific crypto algorithm, since new ones come into being, and sometimes existing ones are found to be inadequate. We should also be able to handle symmetric and public/private key systems.
Ideally, such capabilities would be as intrinsic to J2EE as, say, Exception handling is to standard Java.
Well, is this so? Kumar shows in this book that for the most part, this is indeed so. There are numerous code examples covering many aspects like HTTPS, Enterprise Java Beans and certificates. He points out one shortcoming; namely that RMI usage is not inherently secure. This was a legacy of when Java got started and before it moved into enterprise applications. Still, he does show examples of how to add in security to RMI, though it may not be totally foolproof. In any event, today's J2EE applications have RMI relatively superseded, and the book's attention reflects this.
As a quick note, Kumar describes a 'person-in-the-middle' attack. There is an important, insidious mutation of this, popularly known as 'Phishing'. He never uses this term or explains this variant. Pity, given its multiple recent incarnations (the emails purporting to be from Paypal, eBay, BestBuy...) in mass mailings to millions, and the subsequent broad publicity in the mainstream media.