Most Helpful Customer Reviews
GlassFish Security: Covers Java EE 6 Security based on 0 ratings. 1 reviews.
The use of security in a java application is an important and potentially complex issue. Especially when it comes to having that application use security data from an external source. The book shows how Glassfish can be an intermediary that handles the security interfacing in a secure, well tested manner. The book describes important cases of external sources - like a flat file or a SQL table of usernames and passwords. For each case, Glassfish can make, or more to the point, lets you configure an appropriate security realm that uses the source. The text also describes public key cryptography and the concept of a Certificate Authority. Various java tools are shown that let your code access a CA. In terms of the mathematical treatments, there is none! While PKI has a deep mathematical grounding, at the level of usage by Glassfish, all the math details are subsumed. Some readers will be relieved, for you don't have to know the rigour behind PKI to use it. You can also see that copious XML snippets are used and generated by Glassfish. This is a declarative approach to configuring security, that is often easier than an alternative programmatic style. Initially, the XML examples can seem verbose and forbidding. But you should try to take the time to read and understand the XML. The examples are largely self documenting to a wetware engine like yourself. The book illustrates the modular nature of Glassfish. For advanced readers, you can replace various modules with your own custom mods. But tbis, candidly, might best be done only by readers already well versed in the use of a generic Glassfish.