The book covers the following open source products, and focuses on how they can be integrated together to form a complete "OpenSOA Platform":
Composite Services/Framework - Apache Tuscany
BPM - JBoss jBPM
ESB/Web Service Mediation - Apache Synapse
Business Rules - JBoss Rules/Drools
Complex Event Processing - Esper
Unit Testing - soapUI
Obviously, for each of these categories, there are multiple high-quality open source alternatives available. In particular, the ESB space is rich with high-quality open source products, but I couldn't cover them all in the book, and I find Synapse to be a very easy-to-use lightweight ESB that provides outstanding functionality.
An example of where I discuss how these products can be integrated is jBPM, which I demonstrate how it can be used in tandem to Apache Tuscany to service enable that BPM product so that process instances can be kicked off through a variety of protocols such as JMS and SOAP. I also have several real-life case studies that tie together these products.
I touch on security a little in the book, but it certainly isn't a focus (that's not to suggest it's not very important, just that it was outside the scope). Primarily, I touch on security during the discussion of Apache Synapse, where I demonstrate how it can be used for handling WS-Security for SOAP-related web services. I also describe its features as it relates to monitoring and managing service levels, which enables you to restrict how many API operations a given customer can invoke within a given period along with some firewall-type capabilities it provides. In the chapter on Esper, I point out that it can be used to monitor for any unusual activity that may be occurring, such as an unusual number of requests or other tell-tale signs that your enterprise may be under attack.