Hi guys, I see in the MEAP you have chapters on securing both JBoss and web applications. Can you give any details on what you covered there and how the two chapters interrelate?
The security chapter introduces security in a general sense, and shows how to configure login modules. Most of the other chapters go into details on securing that particular technology. For example, the web services chapter covers authentication and using WS-Security to encrypt and sign messages. Those chapters always build on the groundwork laid by the security chapter. The web app chapter got so long that we decided to split it in two and put all of the security-related text into a single chapter.
We would have covered the Web security topic in the Web chapter, but there was so much to write that we made it a separate chapter. Like Peter said, most of the other chapters build on the fundamentals described in chapter 4 and describe security configuration specific to the chapter topic.