Very practical security book for java architects

This is a great book - by far the best security design book for Java and J2EE I have read to date. When I first heard about my coworkers talking about this book, I thought "oh great, another J2EE book!" Much to my surprise, this book is not just a how-to security API or patterns recipe book but much more than that - I see it as a collection of valuable suggestions and examples on how to choose security mechanisms and use them in J2EE applications and web services. Moreover, it tells you what the bestpractices, pitfalls and tradeoffs are for each design pattern option you take. Particularly, You will find this book as an ideal companion for CORE J2EE PATTERNS - Deepak Alur et al, which is my favorite for designing J2EE applications.

This book is as close to size of a pillow and I do understand why the authors gave only code snippets for selected examples instead of full implementation. The case study is just right, it discusses the scenario and how to incorporate the patterns right in to the application design..which is just right for an experienced developer but a budding developer may find it uncomfortable.

Having said that, I prefer this book as a must-have for any serious J2EE developer/designer/architect who wants to build Security from understanding basics of WHAT and know WHY you should architect your J2EE system in a particular way and not just HOW. Ultimately you will find this book as an onestop reference for building security in J2EE applications.

Other Reviews

• Very practical security book for java architects
• Excellent Security Book for Java/J2EE Programmers and Architects
• Best Java Security Book for J2EE and Web Services.
• Java security made easy. Excellent title worth investing on.