1.5 Time to Market

The success of an enterprise depends on its agility. The ability of an enterprise to remain competitive means that it must innovate, adapt, and evolve rapidly to meet a continually changing marketplace . This agility includes support for standards and reusable software components .

1.5.1 Support for Essential Technical Standards

An e-business must contend with a broad range of technical standards and evolving technologies to meet the demands of the marketplace, regardless of whether the customer is internal to the organization or a third party. The set of important technical standards is broad, including HTML, XML, SQL, OMG's CORBA, SSL, PKI, Kerberos, Web Services, and SOAP. One of the key benefits of the Java development and deployment environment is that it supports these standards. In fact, unlike other programming languages, the Java language supports a broad range of technologies that bind an enterprise application together:

• Relational databases accessibility via JDBC and SQLJ

• Distributed systems via RMI-IIOP

• Asynchronous messaging via JMS

• XML, SOAP, and Web services

• Cryptography using JCA, JCE, CertPath, and JSSE

• Authentication and authorization via JAAS

1.5.2 Engineering Software in a Heterogeneous World

One of the difficult challenges in software design, development, and deployment is to engineer software to help achieve modularity. Although modularity can be achieved in many ways, one popular approach is to organize components or objects that can be mixed and matched to provide an integrated solution. Although the concept of object-oriented (OO) software has evolved over the past two decades, the current approach is to create and compose course-grained components that can be assembled to create applications. J2EE supports this model.

The classic design pattern for J2EE is to use servlets and JSP for presentation ”generation of HTML or XML and interaction with the client ”and transactional components via EJB. The development and deployment models treat these components as reusable, with well-defined interfaces that may be developed by multiple vendors and assembled to create applications. J2EE is intended to facilitate the creation and deployment of these software components. An emerging and popular approach to achieve modularity is the service-oriented software methodology that is being realized in the form of Web services.

Enterprises are not homogeneous islands of software technology purchased from a single software vendor. The reality is that the information technology propelling enterprises is purchased from multiple vendors, creating heterogeneous environments that are often difficult to integrate. J2EE and evolving standards, such as Web Services, work to bridge the gaps by offering a set of interoperable and platform-independent technologies. It is possible to produce J2EE applications that can be written on one platform and deployed in another. Servlets, JSP, and EJB applications can be developed and tested on a workstation and deployed on multiple mainframes or departmental servers. Each of these platforms may have radically different hardware and operating system architectures, but the J2EE model isolates the applications from many of these differences.

One of the most challenging aspects of application development and deployment is security. Most application developers are domain experts, not well versed in the nuances of information technology (IT) security. Correctly configuring software to prevent security breaches can be daunting, as witnessed by the number of security flaws discovered in popular desktop operating systems, applications, and Web servers. In fact, some enterprises have chosen to outsource their IT security to external security services providers. J2EE mitigates the difficulty of developing new secure applications by providing a development and deployment model that separates security policy and enforcement from application implementation. The design of J2EE is structured such that the developers are not required to be versed in security design and implementation. Security-configuration decisions can be deferred until the application is deployed, or installed. The J2EE containers ”the middleware that runs the servlet, JSP, and EJB software ”provide a broad range of standard security services that can be configured during the deployment of the applications. Removing security- related code from application code has a significant benefit. Security policies are no longer embedded within the applications. Therefore, it is far easier to change enterprise security policies and upgrade security services. In fact, it is no longer necessary to modify the application code to effect the changes. Changes to security policies are managed through the J2EE containers by the system administrator.

1.5.3 Time Is of the Essence

No matter what business you are in, bringing your product to market at a reasonable cost in a timely manner is essential. Software development and IT security are critical tasks , particularly in a complex world with many important technical standards. Java technologies, and J2EE in particular, simplify what would otherwise be a formidable task. J2EE brings together the elements essential for creating useful and secure applications that can be developed and deployed in a heterogeneous world. The J2EE framework provides high-value function and structure that reduce the time to market for the development of new applications and integration with existing systems and services. The remainder of this book elaborates on Java and J2EE security, providing a practical approach that includes examples.