Core Security patterns book for J2EE

 
Greenhorn
Posts: 12
We got this new book in my library; the patterns are similar to Core J2EE patterns with more emphasis on implementing security. The best practices and reality checks for designing security are very appealing. Free chapter and samples are available at coresecuritypatterns.com and securityfocus.com.
 
Ranch Hand
Posts: 686
Vijay,
So if we have the Core J2EE Patterns book, do we need to purchase Core Security Patterns?
 
Greenhorn
Posts: 12
Can't wait to read ... do these patterns substitute the container security, and if so, in what layers to apply?
 
Ranch Hand
Posts: 1312
great book
 
Greenhorn
Posts: 4
Does this book provide hints about what, when and how to secure different
aspects of a system? For example, with JMS one approach might be to encrypt
data being sent via JMS, or another alternative solution might be to run the
JMS over SSL.
Both approaches I feel are valid, but the per-message encryption approach
might be a bit of overkill.
 
Greenhorn
Posts: 12
This looks like a very interesting book. I'd like to ask though, does it cover subjects such as an effective way to implement J2EE security alongside database row level security?
 
Rancher
Posts: 43081
There is an excellent opportunity to ask the authors of the book anything you like: they're our guests in the Security forum this week, and are answering questions about the book and (Java) security in general.
 
Richard Hands
Greenhorn
Posts: 12
Yeah, it looks like the saloon email sent out earlier today advertising this week's book contest was accidentally pointing people to the wrong forum. I've sent an email to the head honchos here in the saloon, and hopefully they'll send out a correction email later, and maybe a kind moderator could move the incorrectly positioned posts to the security forum please?
 
Ranch Hand
Posts: 106
Do you give some concrete examples of the implementation of JAAS in the Servlet? (for relying on a specific profiles repository)
Is there something on declarative security: putting some metadata (JSR 175) into the code for tagging an internal (private) method of the servlet and delegating security control to the container?
 
Greenhorn
Posts: 1
I still think this book would be useful!
 
Author
Posts: 159

Originally posted by Noel M OConnor:
Does this book provide hints about what, when and how to secure different
aspects of a system? For example, with JMS one approach might be to encrypt
data being sent via JMS, or another alternative solution might be to run the
JMS over SSL.
Both approaches I feel are valid, but the per-message encryption approach
might be a bit of overkill.



Noel,

Thanks for bringing this up.

The book discusses all possible JMS security options, such as "Securing JMS Channel including message and transport", "JMS Provider Authentication", and "Enabling JMS Destination Access Control". You need to be cautious about using these options... as all these options are not dictated by the JMS Specifications and they are more vendor-specific.

/Ramesh
 