Core Security Patterns: Best Practices and Strategies for J2EE(TM), Web Services, and Identity Management (Sun Core Seri

Authors
Christopher Steel, Ramesh Nagappan, Ray Lai
ISBN
0131463071
Published
24 Oct 2005

Praise for Core Security Patterns

Java provides the application developer with essential security mechanisms and support in avoiding critical security bugs common in other languages. A language, however, can only go so far. The developer must understand the security requirements of the application and how to use the features Java provides in order to meet those requirements.


Customer Reviews

Craig Anderson said
This is a great book - by far the best security design book for Java and J2EE I have read to date. When I first heard about my coworkers talking about this book, I thought "oh great, another J2EE book!" Much to my surprise, this book is not just a how-to security API or patterns recipe book but much more than that - I see it as a collection of valuable suggestions and examples on how to choose security mechanisms and use them in J2EE applications and web services. Moreover, it tells you what the best practices, pitfalls and tradeoffs are for each design pattern option you take. Particularly, you will find this book as an ideal companion for CORE J2EE PATTERNS - Deepak Alur et al, which is my favorite for designing J2EE applications.

This book is as close to the size of a pillow and I do understand why the authors gave only code snippets for selected examples instead of full implementation. The case study is just right, it discusses the scenario and how to incorporate the patterns right into the application design... which is just right for an experienced developer but a budding developer may find it uncomfortable.

Having said that, I prefer this book as a must-have for any serious J2EE developer/designer/architect who wants to build Security from understanding basics of WHAT and know WHY you should architect your J2EE system in a particular way and not just HOW. Ultimately you will find this book as a one-stop reference for building security in J2EE applications.

D. R. Rogers said
This is a very comprehensive, well written and well-organized guide for securing Java and J2EE. Yes, it has everything - all done well - definitely worth a buy. If you are into Java based applications development and planning to work on application security assessment, development, testing ... and planning to live by it every day, you will learn a lot from this book, to re-evaluate the things with patterns and best-practices, and to genuinely improve your results knowing the pitfalls. If you are a Java applications developer, this book *will* help you guide with Java security mechanisms and where and apply them for building secure applications. If you are a security enthusiast, you will genuinely enjoy the time spent with this book, and you will find this brick handy more often than previously imagined.

I strongly recommend this book for budding and experienced Java developers/architects who are involved with Java applications development, J2EE based web applications and web services. This book covers security mechanisms including Java 6 and Java EE5.

John F. Wright said
Our book discussion group selected this book to review. Unfortunately after a couple months we agreed the value of this book was not sufficient to continue reading and discussing it. (We gave up in Chapter 9 - after skipping chapters 5, 6 and 7 because too many of the group were losing patience and wanted to get deeper into the book where we might find something of value.)

Many interesting subjects are touched on, but nothing has enough depth to be of serious value. This is further hampered by poor writing and editing. There is a fair amount of "duplication" in this book where the same "nothing" is sometimes repeated. The code snippets are weak and not of much value.

The bottom line is that while the subject is very interesting, the presentation in this book is so poor that it doesn't justify reading 1000+ dull pages. This book doesn't seem to have a target audience, it's too high level for developers, but gets into too low level details for management. It fails to be a good technical reference and at the same time fails as a concise overview to educate management decision makers. (Hint for authors: if your audience is management, keep it brief and to the point, management doesn't have time to read page after page of trivial commentary. If your audience is developers, the book needs to deliver solid technical information.)

D. Zatselyapin said
I prefer to be short. This book met my expectations. It is a good overview on the latest security designs. It doesn't go into the unnecessary details. It gave me some good ideas on my latest security system implementation. I used it a lot when I was writing my solution architecture design document.

J. Dominic said
This is a great book - by far the best security design book for Java and J2EE (including Java SE 6 and Java EE 5) I have read to date. When I first heard about my coworkers talking about this book, I thought "oh great, another J2EE book!" Much to my surprise, this book is not just a how-to security API or patterns recipe book but much more than that - I see it as a collection of valuable suggestions and examples on how to choose security mechanisms and use them in J2EE applications and web services. Moreover, it tells you what the best practices, pitfalls and tradeoffs are for each design pattern option you take. Particularly, you will find this book as an ideal companion for CORE J2EE PATTERNS - Deepak Alur et al, which is my favorite for designing J2EE applications.

This book is as close to the size of a pillow and I do understand why the authors gave only code snippets for selected examples instead of full implementation. The case study is just right, it discusses the scenario and how to incorporate the patterns right into the application design... which is just right for a Java developer who is involved with Java enterprise applications and web services. The best practices and security checklist detailed in this book - helps a lot during development and when you want to deploy a J2EE application/web service in production.

Having said that, I prefer this book as a must-have for any serious Java developer/designer/architect who wants to build Security from understanding basics of WHAT and know WHY you should architect your J2EE system in a particular way using best practices (a long list) and not just HOW. Ultimately you will find this book as a one-stop reference for building security in J2EE applications and web services.
