Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management

Title:              Best Practices & Strategies for J2EE, Web Services & Identity Management
Authors:        Christopher Steel, Ramesh Nagappan, Ray Lai
ISBN-10(13): 0131463071
Publisher:      Prentice Hall
Published:     October 24, 2005
Edition:          1st Edition
Language:     English

If you ever want to understand about security and its role in the development of J2EE enterprise-level applications, then you should consider buying this book from your local bookstore.

The authors have done an excellent job in explaining the basics of security as it applies to the most common business practices, as well as deliver intricate details on the inner workings of the Java platform security architecture. Even though this book covers in its majority Java technologies, you don't have to be a Java developer or architect to appreciate it.

The book is divided in 7 major parts:

Part 1: Introduction and Basics of Security

Part 2: Java Security Architecture and Technologies

Part 3: Web Services Security and Identity Management

Part 4: Security Design Methodology, Patterns, and Reality Checks

Part 5: Design Strategies and Best Practices

Part 6: Putting it all together

Part 7: Personal Identification using Smart Cards and Biometrics

Parts 1-5 provide reams of detail about the fundamentals of security, the J2EE security architecture, and the technologies used to enable Web services security. In addition, there is a comprehensive explanation of patterns and practices for J2EE developers, as well as design strategies and best practices for securing J2EE Web components and web-based applications.

Web developers might want to pay special attention to Part 3 of the book because it gives an insight on fortifying Web services, authenticating and authorizing end users, and applying the latest cryptographic techniques. XML is described in detail as the encoding for messages between parties using a Web Service.

Note that this book does not explain the specific JAVA APIs needed for basic J2EE application development. Twenty-three proven security architectural patterns are discussed and presented through several realistic scenarios, covering architecture and implementation and presenting detailed sample code.

Part 6 of the book describes how to use this newly acquired knowledge in the implementation of real-world security scenarios.

Finally, we found the last part of this book as the most intriguing. It provides an in-depth coverage on Personal Identification using Smart Cards and Biometrics, their role in physical and logical access control, and the different technologies used in their implementation. Best practices and common pitfalls that might arise when implementing security using smart cards and biometrics are also discussed.

Overall we believe this is excellent book for the security enthusiast who wants to build robust end-to-end security into J2EE enterprise applications.