Sunday, July 18, 2010

Review "GlassFish Security" by Masoud Kalali (PACKT Publishing)

The last weeks were full of work. But my evenings were dedicated to a newly published book.
Book: GlassFish Security
Language: English
Paperback: 296 pages [235mm x 191mm]
Release Date: May 2010
ISBN: 1847199380
ISBN 13: 978-1-847199-38-6
Author(s): Masoud Kalali

The author
Its title promises to tell you everything about GlassFish security in detail, beginning with secure GlassFish installations and moving on to secure enterprise Java applications (Web, EJB, clients), including audits and measures. That was motivation enough to take the time to work through the nearly 300 pages. It is written by Masoud Kalali. He has a software engineering degree and has been working on software development projects since 1998. He has experience with a variety of technologies (.NET, J2EE, CORBA, and COM+) on diverse platforms (Solaris, Linux, and Windows). His experience is in software architecture, design, and server-side development, as well as high-throughput and large-scale software systems. Masoud has published several articles at Java.net and Dzone. He has authored multiple refcards published by Dzone, including but not limited to Using XML in Java, Java EE Security and GlassFish v3 refcardz. He is one of the founding members of the NetBeans Dream Team and a GlassFish community spotlighted developer.
Altogether this promises a good read, and that was what I expected.

The content
The book has eight chapters. After a short introduction to the Java EE security model in chapter one, it moves on to GlassFish security realms. Another twenty-something pages tell you about designing and developing secure Java EE applications. Chapter four dives into secure GlassFish environments, followed by the fifth chapter, which cares for a secure GlassFish itself. Done with those, you are halfway through at page 146. The second half of the book is dedicated to two other products from the former Sun stack. Open Directory Services (OpenDS) is introduced in chapter six, followed by an introduction to OpenSSO (Open Single Sign-On) in chapter seven. Chapter eight describes how to secure Java EE applications using OpenSSO. The last chapter, nine, is dedicated to Web Service security with OpenSSO. Each chapter ends with a separate summary. The book closes with an index. That makes 275 content pages.

Writing and style
The book is an easy read. Not too complicated, even for non-native speakers like me. The author takes the time and space needed to describe most basic concepts and contexts. Very frequent links and tips in separate boxes help the reader find out more about most of the topics. I also like the paperback and the format. It is easy to carry around and to use as a compendium.

My expectations
To be honest, I expected to read more about GlassFish and security, as the title promised. For half the book, the author is working with OpenDS and OpenSSO, both not part of the GlassFish family and not necessarily related to enterprise Java development. For sure, both products address problems developers face in their work. But every enterprise has its own solution for this, and I personally meet commercial products far more often.
The Java EE security basics are suitable for beginners. Nothing new to me, and quite surprising, because I was looking for GlassFish-specific content. It was there, but only in between and not too prominent.
The most valuable parts to me are the GlassFish-specific chapters about secure environments, realms and security administration.
I was disappointed not to see any personal tips and best practices from the author. As already said, he has quite some experience, and you can even feel this while reading the chapters. But the details are missing.

Conclusion and recommendation
After all my criticism: this is a good book worth reading, not only for experts but especially for beginners. The experts might like it as a reference book. Beginners get a most complete introduction to all security-related issues around Java EE with GlassFish 2 and 3, even though you should know Java EE and GlassFish before reading.