Enterprise Java(TM) Security: Building Secure J2EE(TM) Applications

Authors
Marco Pistoia, Nataraj Nagaratnam, Larry Koved, Anthony Nadalin
ISBN
0321118898
Published
27 Feb 2004

"For a long time, there has been a need for a J2EE security book. I am very happy to see there is now a book that can answer many of the technical questions that developers, managers, and researchers have about such a critical topic. I am sure that this book will contribute greatly to the success of the J2EE platform and e-business." --From the Foreword by Steven A.


Customer Reviews

Hemant Kesarkar said
The book covers J2EE 1.3 security with hello-world level security examples; beyond that I find nothing but an introductory Java Security API guide. The chapters also lack details on when and where you should use these APIs. I bought this book before 'Core Security Patterns' by Christopher Steel, which is much more helpful and example driven than this book.

Vance Christiaanse said
The first thing to say to anyone considering buying a book on the topic of enterprise Java security is that the topic is vast and constantly changing. No single book could satisfy every need. That being said, this book comes as close as any one book is likely to. I've been using this book for several weeks now and I have found it extremely valuable.

Since I make my living helping people write better Java code I was dismayed by the assumption in some of the code examples that FileInputStream's available() method is guaranteed to return the total size of the file. (The code on pages 430-431 is just one example.) A loop is required for code that must work every time.

Since I didn't find any information in the book about where to submit errors or comments I will mention one more--admittedly small--item here: on page 363 "9" is printed where "q" is meant. It's an interesting typo because it suggests this portion of the manuscript may have been originally written by hand and then transcribed by someone non-technical. Or perhaps I've been studying cryptography so much lately I'm starting to decrypt things that aren't there.

I would recommend this book to anyone seeking detailed and authoritative information on any aspect of J2EE security from the low level cryptography to high level architecture.

Herryanto Siatono said
If you know nothing about Java Security, this book will be a good book for you to fly over the air and see what's inside J2EE security. It basically covers Java security architecture, EJB and web Application security, plus an overview on PKCS and S/MIME and Web Services security.

If you have known about JCA, JCE, JAAS, JSSE, you have known half of the book's content. If you have developed EJB and Web applications, you have known another quarter of this book.

Frank Cohen said
This book makes me nostalgic for the early SAMS Publishing Unleashed series of books on Java. Remember when you first learned what a servlet was? That's the feeling I get when reading Enterprise Java Security. The book does a good job explaining how Secure Sockets Layer (SSL), object-level security, Kerberos, and legacy security came about. It then shows detailed examples with sample code how to implement each of the security techniques. The text is surprisingly complete, including coverage of Web Service Security protocols and techniques.

Rakesh said
* This book helps me a LOT to understand programmatic approach, why Java security is a key factor in an e-business environment.
* The book shows me the J2EE and J2SE security architecture, showing how these architectures relate to each other and how they are augmented by JAAS.
* I feel for the developers who need to build J2EE applications, securely and reliably, the book covers relationship between J2EE and Cryptographic technologies; like Java Cryptography Architecture, Java Cryptography Extension, Public-Key Cryptography Standards, Secure/Multipurpose Internet Mail Extensions, and Java Secure Socket Extension.
