Our book is fairly generic and strives not to address vendor specific solutions. The whole point of Java and J2EE is to provide a vendor-independent way to build applications. Many vendors, IBM specifically, have proprietary security solutions that you may leverage. The problem is that your application then becomes tied to that vendor. In the real world, I realize most often applications are never ported from one vendor to another. It may make sense to leverage vendor specific security functionality.
I do see however, that most developers move around a lot and end up working with many different vendor implementations. Therefore, it may make more sense for you as a developer, to learn and use vendor-independent techniques such as those prescribed in the book. In either case, many of the patterns address problems that are not solved by any vendor implementations and must be implemented in the application. You, as the developer, should be aware of what patterns to use and when to use them.