Rating:  Summary: A to Z Security handbook for Java/J2EE Developers Review: Kumar has produced a wonderful book which not only covers J2EE security but the full Java security model. In addition the book contains an excellent primer on security that, in my opinion, is worth the price of the book alone. The examples are clear, robust, and add a great deal to the learning experience. If you build applications in Java this book should be in your collection.
Rating:  Summary: Great Introduction to Security Concepts and Solutions Review: Kumar's book is a straightforward introduction to web security that covers a broad area. This is an ideal book for anyone new to security and trying to understand the breadth of it. The book covers issues like basic authentication, SSL, digests, keys, etc. The author provides sample code that is straightforward and to the point -- something that you can get up and running very quickly. I personally learn best when I can read a concise explanation of a given technology and then see clear sample code that I can run and experiment with. This book provides all of that. It's not too heavy on code, and not too light or obscure on explanations -- it's a great mix. To his credit, the author keeps the text simple and easy to read, so that even the most novice developer can gain from his insights -- but robust enough that experienced developers can learn about security issues and start coding in a short period of time. This book doesn't cover every subtle nuance of security, but rather covers security with enough breadth that the reader is introduced to many security issues and is given recommendations on how to deter or prevent security breaches. This book is useful for anyone who is relatively new to security and who wants a good introduction as well as lots of sample code to help them understand the concepts. This is the book I wish had been available when I first started learning about security issues. It's still very useful to me, since it covers areas that I have not yet dealt with, but likely will in the future. This book will expose you to a broad collection of security issues and solutions and will get you coding in a short period of time. The code samples alone make the book a valuable reference. While it's not a panacea for all security issues, it's the perfect guide for beginning and advanced developers.
Rating:  Summary: Lots of sample code Review: Security is like spinach - it's good for you but not too many people like it. Most security books bore me to tears with page after page of description accompanying three lines of code. This book is different. This book is geared towards actual developers who are looking for not just explanations of security but useful examples showing how to make security work in their applications. The first section of the book is an introduction to security in general and Java security in particular. The next section looks at the basic technologies and APIs used for encryption, authentication, and authorization. This section starts with a look into cryptography and covers JCA and JCE. It continues with coverage of digital certificates and then looks at controlling access to resources by using policy files. This section ends with a look at SSL and securing XML messages. The final section examines using these technologies in various J2EE applications such as RMI, Servlets, EJBs, and Web Services. The explanations throughout the book are clear and easy to follow with plenty of code samples to demonstrate how to use the various APIs associated with security in Java programs. The best part of the book is the many code samples provided and the detailed descriptions accompanying these code samples. In addition, the author has provided a group of tools to assist with security development. Overall, this is one of the best J2EE security books on the market. Note: In general, J2SE security is only covered when it involves J2EE issues but then this is "J2EE Security".
Rating:  Summary: A little bit of everything Review: The title is, definitely, misleading: it does not cover the subject of J2EE security. One cannot build a secure application with this book! There are lots of great books on the Standard Edition security, and there is no need to go over it again, particularly when J2EE presents so many new issues and problems one needs to take care in order to build a commercial application. Otherwise the book is easy to read and understand.
Rating:  Summary: Lacks insight in real Java/J2EE security issues Review: This book gives a Hello world view to J2EE security. The book claims to cover complete J2SE and J2EE security issues, but I found there are a lot of missing pieces. From Chapter 1 - Chapter 7, the author discusses basic Java security and forgot to discuss where this stuff is really applied in real world J2SE scenarios. In fact, the author comfortably skipped some of the key J2SE security related issues on Applets, Java Web Start and standalone Java applications. The coverage on JAAS, JSSE, JCert is at a very high level, nothing more than HelloWorld. The author completely forgot how to use JAAS, JSSE in J2EE components such as EJBs, Servlets etc. The author just provided only examples for simple security stuff like RMI, Servlets and EJBs and comfortably skipped issues around RMI security over firewalls, HTTP tunneling, RMI clustering, Single sign-on issues...! I stopped reading here at chapter 7 !!! This book is DEFINITELY NOT for a Java/J2EE developer who aspires to learn J2EE security or best practices around J2EE security. You will be better off reading the free J2EE blueprints from java.sun.com.
Rating:  Summary: Misleading title and incomplete book Review: This book is a "Hello World" to basic security...beyond that nothing more. Practically speaking, you would not be able to implement a complete security architecture by using this book. The book has 11 chapters, and the author starts talking about J2EE security at chapter 9. And the title is truly misleading, the author completely forgot what is part of J2EE 1.4, especially the JAX Security APIs. From a J2EE security point of view, the author just stopped at Declarative security and did not go into the details of complexities such as Single sign-on or maintaining session security etc. Web services security...the author stopped at illustrating a repeated example from Apache Axis. The author completely forgot about Web services security enablers such as SAML, XACML, XKMS... Liberty etc. There is no chapter to show how to put together all these APIs in a real world J2EE application. Why should I read the book if it is repeating the API examples from the Java site? Bottom line: You would be better off if you chose to read the basic Java/J2EE security tutorial posted at the Java site than reading this book. SAVE YOUR MONEY.
Rating:  Summary: Not just J2EE security, covers J2SE as well Review: This book is a well written text providing a broad coverage of the many and varied security aspects of the Java platform. Despite the title, this book is valuable for developers using Java on both the J2SE and J2EE platforms. With chapters covering the use of cryptographic primitives like Ciphers and Certificates, XML Signatures and Encryption, the Java Security Manager and the configuration of J2EE security for web applications and EJBs, this is a book containing topics that will provide value to a wide audience of Java developers. I will have no difficulty recommending this book to beginners and advanced developers alike with the topics introduced in a gentle but thorough manner, covering a wide variety of Java security topics, not just for J2EE. One of the best parts of the book is the examples. They are clear and well thought out, and the author's "java security toolkit (jstk)" (think of the Java keytool on steroids) is available for download from the book's website.
Rating:  Summary: Excellent primer on security! Review: This book is an excellent compilation of security concepts explained in simple terms and with lots of illustrative example code. Kumar has even provided benchmarking code to help developers choose appropriate technology for their own applications. Great book to have for security developers and students!