Core Security Patterns Best Practices and Strategies for J2EE, Web Services, and Identity Management
by Steel, Christopher; Nagappan, Ramesh; Lai, RayEdition: 1st
Format: Hardcover
Pub. Date: 2005-10-14
Publisher(s): Prentice Hall
Other versions by this Author
-
This Item Qualifies for Free Shipping!*
*Excludes marketplace orders.
List Price: $73.49
Rent Book
Select for Price
New Book
We're Sorry
Sold Out
Used Book
We're Sorry
Sold Out
eBook
We're Sorry
Not Available
How Marketplace Works:
- This item is offered by an independent seller and not shipped from our warehouse
- Item details like edition and cover design may differ from our description; see seller's comments before ordering.
- Sellers much confirm and ship within two business days; otherwise, the order will be cancelled and refunded.
- Marketplace purchases cannot be returned to eCampus.com. Contact the seller directly for inquiries; if no response within two days, contact customer service.
- Additional shipping costs apply to Marketplace purchases. Review shipping costs at checkout.
Summary
An in-depth treatment of J2EE security architectural patterns and practices and how to apply them optimally to enterprise applications.
Author Biography
Ray Lai is Principal Engineer at Sun Microsystems.
Table of Contents
| Foreword | |
| Foreword | |
| Preface | |
| Acknowledgments | |
| About the Authors | |
| Introduction | |
| Security by Default | |
| Business Challenges Around Security | |
| What Are the Weakest Links? | |
| The Impact of Application Security | |
| The Four W's | |
| Strategies for Building Robust Security | |
| Proactive and Reactive Security | |
| The Importance of Security Compliance | |
| The Importance of Identity Management | |
| The Importance of Java Technology | |
| Making Security a "Business Enabler" | |
| Summary | |
| References | |
| Basics of Security | |
| Security Requirements and Goals | |
| The Role of Cryptography in Security | |
| The Role of Secure Sockets Layer (SSL) | |
| The Importance and Role of LDAP in Security | |
| Common Challenges in Cryptography | |
| Threat Modeling | |
| Identity Management | |
| Summary | |
| References | |
| Java Security Architecture and Technologies | |
| The Java 2 Platform Security | |
| Java Security Architecture | |
| Java Applet Security | |
| Java Web Start Security | |
| Java Security Management Tools | |
| J2ME Security Architecture | |
| Java Card Security Architecture | |
| Securing the Java Code | |
| Summary | |
| References | |
| Java Extensible Security Architecture and APIs | |
| Java Extensible Security Architecture | |
| Java Cryptography Architecture (JCA) | |
| Java Cryptographic Extensions (JCE) | |
| Java Certification Path API (CertPath) | |
| Java Secure Socket Extension (JSSE) | |
| Java Authentication and Authorization Service (JAAS) | |
| Java Generic Secure Services API (JGSS) | |
| Simple Authentication and Security Layer (SASL) | |
| Summary | |
| References | |
| J2EE Security Architecture | |
| J2EE Architecture and Its Logical Tiers | |
| J2EE Security Definitions | |
| J2EE Security Infrastructure | |
| J2EE Container-Based Security | |
| J2EE Component/Tier-Level Security | |
| J2EE Client Security | |
| EJB Tier or Business Component Security | |
| EIS Integration Tier-Overview | |
| J2EE Architecture--Network Topology | |
| J2EE Web Services Security-Overview | |
| Summary | |
| References | |
| Web Services Security and Identity Management | |
| Web Services Security--Standards and Technologies | |
| Web Services Architecture and Its Building Blocks | |
| Web Services Security--Core Issues | |
| Web Services Security Requirements | |
| Web Services Security Standards | |
| XML Signature | |
| XML Encryption | |
| XML Key Management System (XKMS) | |
| OASIS Web Services Security (WS-Security) | |
| WS-I Basic Security Profile | |
| Java-Based Web Services Security Providers | |
| XML-Aware Security Appliances | |
| Summary | |
| References | |
| Identity Management Standards and Technologies | |
| Identity Management--Core Issues | |
| Understanding Network Identity and Federated Identity | |
| Introduction to SAML | |
| SAML Architecture | |
| SAML Usage Scenarios | |
| The Role of SAML in J2EE-Based Applications and Web Services | |
| Introduction to Liberty Alliance and Their Objectives | |
| Liberty Alliance Architecture | |
| Liberty Usage Scenarios | |
| The Nirvana of Access Control and Policy Management | |
| Introduction to XACML | |
| XACML Data Flow and Architecture | |
| XACML Usage Scenarios | |
| Summary | |
| References | |
| Security Design Methodology, Patterns, and Reality Checks | |
| The Alchemy of Security Design--Methodology, Patterns, and Reality Checks | |
| The Rationale | |
| Secure UP | |
| Security Patterns | |
| Security Patterns for J2EE, Web Services, Identity Management, and Service Provisioning | |
| Reality Checks | |
| Security Testing | |
| Adopting a Security Framework | |
| Refactoring Security Design | |
| Table of Contents provided by Publisher. All Rights Reserved. |
Excerpts
"The problems that exist in the world todaycannot be solved by the level of thinking that created them."--Albert Einstein Security now has unprecedented importance in the information industry. It compels every business and organization to adopt proactive or reactive measures that protect data, processes, communication, and resources throughout the information lifecycle. In a continuous evolution, every day a new breed of business systems is finding its place and changes to existing systems are becoming common in the industry. These changes are designed to improve organizational efficiency and cost effectiveness and to increase consumer satisfaction. These improvements are often accompanied by newer security risks, to which businesses must respond with appropriate security strategies and processes. At the outset, securing an organization's information requires a thorough understanding of its security-related business challenges, potential threats, and best practices for mitigation of risks by means of appropriate safeguards and countermeasures. More importantly, it becomes essential that organizations adopt trusted proactive security approaches and enforce them at all levels--information processing, information transmittal, and information storage. What This Book Is About This book is meant to be a hands-on practitioner's guide to security. It captures a wealth of experience about using patterns-driven and best practices-based approaches to building trustworthy IT applications and services. The primary focus of the book is on the introduction of a security design methodology using a proven set of reusable patterns, best practices, reality checks, defensive strategies, and assessment checklists that can be applied to securing J2EE applications, Web Services, Identity Management, Service Provisioning, and Personal Identification. The book presents a catalog of 23 new security patterns and 101 best practices, identifying use case scenarios, architectural models, design strategies, applied technologies, and validation processes. The best practices and reality checks provide hints on real-world deployment and end-user experience of what works and what does not. The book also describes the architecture, mechanisms, standards, technologies, and implementation principles of applying security in J2EE applications, Web Services, Identity Management, Service Provisioning, and Personal Identification and explains the required fundamentals from the ground up. Starting with an overview of today's business challenges, including the identification of security threats and exploits and an analysis of the importance of information security, security compliance, basic security concepts, and technologies, the book focuses in depth on the following topics: Security mechanisms in J2SE, J2EE, J2ME, and Java Card platforms Web Services security standards and technologies Identity Management standards and technologies Security design methodology, patterns, best practices, and reality checks Security patterns and design strategies for J2EE applications Security patterns and design strategies for Web Services Security patterns and design strategies for Identity Management Security patterns and design strategies for Service Provisioning Building an end-to-end security architecture--case study Secure Personal Identification strategies for using Smart Cards and Biometrics The book emphasizes the use of the Java platform and stresses its importance in developing and deploying secure applications and services. What This Book Is Not While this book is heavily based on Java technologies, we do not describe the specific Java APIs intended for basic J2EE application development (e.g., JSPs, Servlets, and EJB). If you wish to learn the individual API
An electronic version of this book is available through VitalSource.
This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.
By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.
Digital License
You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.
More details can be found here.
A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.
Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.
Please view the compatibility matrix prior to purchase.