Synopses & Reviews
Your complete guide to the what, why, where, and how of Java Security
In this unique guide, two Java security experts show you how to take full advantage of Java security technologies: cryptography, algorithms, and architecture. They explain today's Java security tools, concepts, protocols, and specifications, including ECC, RSA, MAC, ciphers, Kerberos, JAAS, JSSE, IPSec, X.509 certificates, PKI, and RMI. The book not only describes what each of the technologies is but also explains why it exists, when you should use it, and how to implement it. Packed with practical security solutions and lots of source code examples, it delivers all the know-how you need to work with Java security components and extend them in the real world.
This book enables you to:
* Apply Java security features effectively and efficiently
* Implement the cryptography components of JDK 1.4
* Work with security algorithms and ciphers
* Maintain secure communications within the enterprise
* Add security features to enterprise applications
* Ensure message authentication and data integrity
* Understand network security architecture
* Work with authentication, authorization, confidentiality, non-repudiation, and integrity
The companion Web site includes updates, references, and source code examples from the book.
Review
“…covers Java well…will be of great help..” (CVu, April 2005)
Synopsis
* Provides practical solutions, not just principles of security.
* Offers an in-depth toolkit to the reader and explains how to use the tools to build a secure system.
* Introduces concepts of security patterns for designing systems, as well as security building blocks for systems.
* Discusses algorithms, cryptography and architecture.
* Addresses security for different application servers.
About the Author
Rich Helton has more than two decades of experience in computer and security systems. For the last twelve years, he has built secure NFS, Internet, and intranet systems as well as monitoring software for a wide variety of companies. He has served as lead Java architect specializing in security in such industries as brokerage, financial, telecommunications, and logistics. He is a certified Sun Java Developer, Sun Java Programmer, and BEA WebLogic 6.0 Developer, and he holds a master's degree in computer science from the University of Colorado. He contributed to BEA WebLogic Server Bible (Wiley, 2002).
Johennie Helton has nearly a decade of experience in object-oriented design and implementation for the automotive, financial, healthcare, and retail industries. She has a master's degree in computer science from the University of Colorado. She contributed chapters to Java Data Access: JDBC, JNDI, and JAXP (Wiley, 2002).
Table of Contents
Preface.
Acknowledgments.
Part I: Introduction to Security.
Chapter 1: Security Basics.
Chapter 2: Hackers and Their Tools.
Chapter 3: Java Security Components.
Part II: Identity and Authentication.
Chapter 4: Key Management Algorithms.
Chapter 5: Elliptic Curve Cryptography.
Chapter 6: Key Management Through the Internet Protocol.
Chapter 7: Implementing Keys with Java.
Chapter 8: Java Implementation of Key Management.
Part III: Data Integrity.
Chapter 9: Ensuring Data Integrity.
Chapter 10: Ensuring Message Authentication.
Chapter 11: Signature Integrity.
Part IV: Data Hiding.
Chapter 12: Understanding Ciphers.
Chapter 13: Extending New Ciphers with the JDK.
Chapter 14: Applying Ciphers.
Part V: Resource Access Using Java.
Chapter 15: Securing Enterprise Resources.
Chapter 16: Java Authentication and Authorization Through Kerberos.
Chapter 17: Securing Messages with the Java GSS-API.
Chapter 18: Java Access: The Security Manager.
Chapter 19: Java Authentication and Authorization Service.
Part VI: Enterprise Data Security.
Chapter 20: Working with Database Security.
Part VII: Network Access.
Chapter 21: Network Security Architecture.
Chapter 22: SSL and TLS.
Chapter 23: Java Secure Socket Extension.
Part VIII: Public Key Management.
Chapter 24: Java Digital Certificates.
Chapter 25: PKI Management.
Part IX: Enterprise Access.
Chapter 26: Java Enterprise Security and Web Services Security.
Chapter 27: Securing Client-Side Components.
Chapter 28: Securing Server-Side Components.
Chapter 29: Application Security with Java.
Index.