• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Rob Spoor
  • Tim Cooke
  • Junilu Lacar
Sheriffs:
  • Henry Wong
  • Liutauras Vilda
  • Jeanne Boyarsky
Saloon Keepers:
  • Jesse Silverman
  • Tim Holloway
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Mikalai Zaikin
  • Piet Souris

To Authors - On Security Management Solutions

 
author
Posts: 4278
34
jQuery Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
In what ways does your book cover existing security management solutions such as those available from the server publishers such as WebSphere/WebLogic? Does your book recommend an existing solution in particular, or would you recommend a built-from-the-ground-up solution for companies looking to add security features to their existing J2EE application?

While it is a book of patterns, I'm curious how applicable the book is for those looking to take an existing J2EE application and existing security solution and integrate them.
 
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Our book is fairly generic and strives not to address vendor specific solutions. The whole point of Java and J2EE is to provide a vendor-independent way to build applications. Many vendors, IBM specifically, have proprietary security solutions that you may leverage. The problem is that your application then becomes tied to that vendor. In the real world, I realize most often applications are never ported from one vendor to another. It may make sense to leverage vendor specific security functionality.

I do see however, that most developers move around a lot and end up working with many different vendor implementations. Therefore, it may make more sense for you as a developer, to learn and use vendor-independent techniques such as those prescribed in the book. In either case, many of the patterns address problems that are not solved by any vendor implementations and must be implemented in the application. You, as the developer, should be aware of what patterns to use and when to use them.
 
Author
Posts: 159
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Adding to Chris's points,

To facilitate security for existing J2EE applications as (an add-on or refactoring) the implementation strategies described as part of the patterns would able to help a lot. This applies well to all J2EE compliant vendor solutions.
 
Scott Selikoff
author
Posts: 4278
34
jQuery Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Are there any chapters that discuss or comment about proprietary solutions? I share your view that J2EE should be vendor independent, but I've been in situations where I had to use vendor solutions and I'm curious how they fit into the mold or if they are so different, that they don't fit anywhere at all.
 
Ramesh Nagappan
Author
Posts: 159
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Scott Selikoff:
Are there any chapters that discuss or comment about proprietary solutions? I share your view that J2EE should be vendor independent, but I've been in situations where I had to use vendor solutions and I'm curious how they fit into the mold or if they are so different, that they don't fit anywhere at all.



<RN>

We carefully avoided not to discuss about non-standard or proprietary vendor solution. In some cases to illustrate examples (for Web services, Identity Management and Service provisioning), we discussed security patterns using popular open-source Java frameworks such as Apache Struts, Spring, Axis, OpenSAML and OpenSPML.

</RN>
 
Time flies like an arrow. Fruit flies like a banana. Steve flies like a tiny ad:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
reply
    Bookmark Topic Watch Topic
  • New Topic