J2EE Security for Servlets, EJBs, and Web Services: Applying Theory and Standards to Practice

This is one the best books that I have ever read. The writing is very lucid and the author explains concepts in very clear and easy to understand manner. The utility tools are very, very useful. I have have been using them on a regular basis. The book also has good code snippets, diagrams and screen shots where necessary. But no space filling techniques ever.The coverage of topics is very good. Security, cannot have one sided view. The author did a good job of pulling together all aspects of securing a Java application (from code access security and class loading to cryptography to securing components to securing webservices) - he covers the whole gamut without getting lost.Ever since I bought this book, I have been carrying to work everyday. I buy LOT OF computer books, but rarely do I fall in love so much with them. I would put it on the same level as UML Distilled, J2EE Patterns and Bruce Eckel's Java. If you are doing Java Security, this is the one and only book you will ever read. To me, it has been inevitable.I sincerely thank the author and the publishers for not making this another 1200+ page book. This is about 400+ pages and doesn't put you off with its weight!

This book is an excellent compilation of security concepts explained in simple terms and with lots of well illustrative example code. Kumar has even provided benchmarking code to help developer choose appropriate technology for their own applications. Great book to have for security developers and students!

In my opinion, this book is the best Java Security book that is available today. I personally own Java Cryptography (Oreilly), Professional Java Security (Wrox), and Java Security (Oreilly) - and this book blows them all away. The author has created a free security toolkit that is very handy for real world applications. If you need to add any type of security feature to a J2EE application, then this is the book to buy.

Security is like spinach - it's good for you but not too many people like it. Most security books bore me to tears with page after page of description accompanying three lines of code. This book is different. This book is geared towards actual developers who are looking for not just explanations of security but useful examples showing how to make security work in their applications. The first section of the book is an introduction to security in general and Java security in particular. The next section looks at the basic technologies and APIs used for encryption, authentication, and authorization. This section starts with a look into cryptography and covers JCA and JCE. It continues with coverage of digital certificates and then looks at controlling access to resources by using policy files. This section ends with a look at SSL and securing XML messages. The final section examines using these technologies in various J2EE applications such as RMI, Servlets, EJBs, and Web Services. The explanations throughout the book are clear and easy to follow with plenty of code samples to demonstrate how to use the various APIs associated with security in Java programs. The best part of the book is the many code samples provided and the detailed descriptions accompanying these code samples. In addition, the author has provided a group of tools to assist with security development. Over all this is one of the best J2EE security books on the market. Note: In general, J2SE security is only covered when it involves J2EE issues but then this is "J2EE Security".

This book is a well written text providing a broad coverage of the many and varied security aspects of the Java platform. Despite the title, this book is valuable for developers using Java on both the J2SE and J2EE platforms.With chapters covering the use of cryptographic primitives like Ciphers and Certificates, XML Signatures and Encryption, the Java Security Manager and the configuration of J2EE security for web applications and EJB's this is a book containing topics that will provide value to a wide audience of Java developers.I will have no difficulty recommending this book to beginners and advanced developers alike with the topics introduced in a gentle but thorough manner, covering a wide variety of Java security topics, not just for J2EE.One of the best parts of the book is the examples. They are clear and well thought out, and the and use of the authors "java security toolkit (jstk)" (think of the Java keytool on steriods) is available for download from the books website.