J2EE Security for Servlets, EJBs, and Web Services [Paperback]

Pankaj Kumar (Author)

Book Description

ISBN-10: 0131402641 | ISBN-13: 978-0131402645 | Publication Date: September 14, 2003 | Edition: 1

Dealing with security issues continues to be challenging for programmers and developers. In this book, expert practitioner Pankaj Kumar walks through both the descriptions and resolutions of those security issues that Java professionals will run into while designing, building, deploying and operating solutions that use J2EE technologies - such as Servlets, EJBs and Web Services. Unlike most books on security, Kumar covers security concepts such as authentication, authorization, confidentiality, integrity and non-repudiation in the context of security standards, Java APIs and software products implementing these technologies, while demonstrating how to use these in creating solutions.

Editorial Reviews

From the Back Cover

J2EE developers have an extraordinary array of powerful options for securing their Web services, Web applications, EJB components and RMI objects. Now, expert Java architect Pankaj Kumar helps developers make sense of Java's increasingly rich security APIs, tools, patterns, and best practices-showing how to use each of them in the right place, at the right time, and in the right way.

Kumar covers every significant J2SE and J2EE security mechanism, presenting practical implementation techniques for the entire J2EE project lifecycle: analysis, design, development, deployment and operations. The book's example-rich coverage includes:

• Implementing cryptography with the JCA (Java Cryptography Architecture) and JCE (Java Cryptography Extension) security APIs
• Building PKI systems with Java: implementing X.509 certificates, Certification Authorities, Certificate Revocation Lists, and repositories
• Java security managers, policy files, and JAAS: implementing access control based on code origin, code signer and user credentials
• Securing the wire: Using SSL and the JSSE API to secure data exchange over unprotected networks
• Ensuring XML message integrity, authentication, and confidentiality with the standards: XML Signature & XML Encryption using the VeriSign TSIK, and Infomosaic SecureXML libraries
• Addressing security issues in RMI-based distributed applications
• Developing and deploying servlets and EJBs for authenticated and secure access
• Securing Web services with transport- and message-based security: SSL for transport-based and WS Security for message-based security
• Covering security aspects of best-of-breed products: Apache Tomcat, Apache Axis, and BEA WebLogic Server.

About the Author

PANKAJ KUMAR is Software Architect at Hewlett-Packard's Web Services Management Organization and has worked extensively in the area of middleware and security. He has presented on Java and Web services technologies at events ranging from SD West and SD Forum to HP World.

See all Editorial Reviews

Product Details

• Paperback: 464 pages
• Publisher: Prentice Hall; 1 edition (September 14, 2003)
• Language: English
• ISBN-10: 0131402641
• ISBN-13: 978-0131402645
• Product Dimensions: 9.2 x 6.9 x 1 inches
• Shipping Weight: 1.6 pounds (View shipping rates and policies)
• Average Customer Review: 3.6 out of 5 stars  See all reviews (21 customer reviews)
• Amazon Best Sellers Rank: #1,971,238 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

10 of 10 people found the following review helpful:

2.0 out of 5 stars Shallow on J2EE security !, December 29, 2003

By 

Prasad Reddy "Prasad" (Sanjose, CA) - See all my reviews

This review is from: J2EE Security for Servlets, EJBs, and Web Services (Paperback)

I was quite disappointed in this book, which is both drawn-out and shallow in its coverage of j2ee and web services. With 425 pages (11 chapters), the book only talks about J2EE component security in 2 chapters (Chapter 9 and 10) and stops at high-level with spending pages on configuring tomcat and weblogic 7. The author comfortably skipped discussing content over complex issues and finally completely forgot about illustrating real-world security issues and measures.
Although the book covers some very basic aspects of Java security, ultimately it provides a dreary drawn-out overview of j2ee security which is better found more in google and elsewhere.

7 of 7 people found the following review helpful:

2.0 out of 5 stars A little bit of everything, April 30, 2004

By 

Genka "genka_v" (Malden, MA United States) - See all my reviews

This review is from: J2EE Security for Servlets, EJBs, and Web Services (Paperback)

The title is, definitely, misleading: it does not cover the subject of J2EE security. One cannot build a secure application with this book! There are lots of great books on the Standard Edition security, and there is no need to go over it again, particularly when J2EE presents so many new issues and problems one needs to take care in order to build a commercial application. Otherwise the book is easy to read and understand.

6 of 6 people found the following review helpful:

1.0 out of 5 stars Book needs a revision., January 25, 2006

By 

Paul Lopez "Paul" (Tucson, AZ) - See all my reviews

This review is from: J2EE Security for Servlets, EJBs, and Web Services (Paperback)

This book is similiar to sun java security tutorial with little additions specific to weblogic 7.0 and apache axis 1.0. The code examples don't run on j2ee 1.4 platform. The book also needs a new edition with revised examples to include newer security mechanisms with j2se 1.5. Except for chapter 1 - A Security primer, all other chapters are technically obsolete.

If you wish to pick a good alternative book, choose Core Security Patterns by Chris Steel et all - that is the best book I have seen for Java security.