Enterprise Security with EJB and CORBA(r)

More than a year passed since i reviewed this book and still it remains 5 stars.It is kind of unique book which gives not just authentication, network security or protocols, but the security of application-server based solution.It is a reality that modern enterprise application runs in a sort of application server - be it .NET, J2EE or CORBA-based. It implies quite different approach to the security aspects, comparing to stand-alone application. And this book completely covers this aspect. It contains little source code, but in the security world the less you code the more you secure.One of minus is lack of .NET security and integration with J2EE security... may be this will be next book?I would recommend this book to software architects, project managers and professionals working on enterprise systems integration.

I've been using this book for a couple of months now and I have found it pretty invaluable. It manages to give a good technical explanation (I mean at the designer/programmer level) as well as include information on the big picture. It covers, in considerable detail, role based security, RBAC, RAD, both EJB and CORBA solutions, and ends with a discussion of how you might build an integrated security system for a fictitous company called eBusiness.comOn the downside there are several minuses which will hopefully be corrected in a future edition1. The UML diagrams are incorrect, in that they nearly all have the aggregation symbol at the wrong end2. The fact that the book was written by several authors shows, in that the same idea shows up in several places in the book, without correlation. Not that there's anything contradictory about that. It would be nice if the different "definitions" or explanations were somehow collected in one place. For example, there's two discussions of security servers, with neither one aware of the other. The second discussion (p. 331-332) is not even referenced in the index.3. There's very little discussion of performance issues. This is a particular sore point, considering they spend considerable amount of space discussing (even promoting) EJB security with no mention of its downside (its too slow)All in all, though, I highly recommend this book be read by architects, and app developers as well as product managers before diving into security development for your application

Up to now, this book is unique in its kind, as it really covers the security aspects of distributed applications as we see them more and more these days. The authors do not only cover (very new) technologies and standards from the domain of EJB and CORBA, they also make us aware of their integration with legacy systems and network security. I liked the way they try to pass their knowledge and experience to the reader. Despite the fact that it is written by three persons, the book is of a consistent style. An example application serves troughout the book to explain the coved topics. Altough it is a small and simple application (real world is tougher...), it shows amazingly well what problems have to be dealt with in the enterprise. The book won't give you answers to all your question, but will certainly help to find your own. I recommend it reading from cover to cover, later chapters do refer to earlier ones. Definitely a useful book!