Book Highlights
- Developer focus: This book is written for Java developers by a Java developer (who happens to have worked on some J2EE projects with stringent security requirements). In the book, you will find a lot of discussion around various Java APIs, tools, development platform products and code fragments, but little about cryptographic theory, secure protocol design, viruses/worms/trojan horses, firewalls etc. Look at the Table of Contents for a detailed listing of topics covered. Note that though the title of the book has "J2EE", there is significant coverage of security-relevant APIs and tools belonging to J2SE that are needed for developing J2EE-based secure applications.
- Big picture, small picture and again, big picture: A real danger for a typical Java developer is to get lost in security-related details. This is addressed in the book by starting with an introduction to the overall security area, following with a deep dive into Java application security and finally ending with a summary tying together the topics covered in the main text.
- Compilable example programs: The Java security APIs and concepts are illustrated with small, independent working examples, with appropriate explanation of the main ideas within the book. The complete source files can also be browsed online, and/or a compilable distribution can be downloaded as a single ZIP file.
- Reusable tools: The book develops a number of utility programs that provide additional capabilities and can be useful to the reader in his/her work. Examples of functionality provided by these utility programs include: listing the available cryptographic service providers and their capabilities; performing cryptographic operations such as encryption/decryption, signing/verification, key generation, MAC and digest computation and so on; issuing signed certificates etc. The source code of these utilities is also available online.
- Emphasis on program performance: Realizing that a number of design and implementation decisions ignore security in favor of application performance, the book contains ample discussion and measurements on the performance costs of security operations: the cost of encryption and decryption and how they vary by algorithm; a comparison of connection overhead and data transfer rate with (a) plain TCP/IP and SSL, and (b) HTTP and HTTPS; the cost of access control operations and so on.
- Best-of-breed products: Best-of-breed products are used to illustrate the concepts and develop the example programs: Apache Tomcat as the Servlet and JSP engine; as the EJB engine; Apache Axis as the Web Services platform and as the library for XML-Signature and XML-Encryption.
- Building block approach: Wherever possible, the concepts, APIs, tools and examples of a later chapter are built on top of the foundation laid in the earlier chapters.
- Learn to solve problems: The book is designed to help you solve security problems in distributed application development. For example, the chapter RMI Security identifies the typical security problems with an RMI-based application and then goes on to discuss various ways of addressing these problems.