1.5 Time to Market
The success of an enterprise depends on its agility. The ability of an enterprise to
competitive means that it must innovate, adapt, and
to meet a continually changing
. This agility includes support for standards and reusable software
1.5.1 Support for Essential Technical Standards
An e-business must contend with a broad range of technical standards and evolving technologies to meet the demands of the marketplace, regardless of whether the customer is internal to the organization or a third party. The set of important technical standards is broad, including HTML, XML, SQL, OMG's CORBA, SSL, PKI, Kerberos, Web Services, and SOAP. One of the key benefits of the Java development and deployment environment is that it supports these standards. In fact, unlike other programming languages, the Java language supports a broad range of technologies that bind an enterprise application together:
Relational databases accessibility via JDBC and SQLJ
Distributed systems via RMI-IIOP
Asynchronous messaging via JMS
XML, SOAP, and Web services
Cryptography using JCA, JCE, CertPath, and JSSE
Authentication and authorization via JAAS
1.5.2 Engineering Software in a Heterogeneous World
One of the difficult challenges in software design, development, and deployment is to engineer software to help achieve modularity. Although modularity can be achieved in many ways, one popular approach is to organize components or objects that can be mixed and matched to provide an integrated solution. Although the concept of object-oriented (OO) software has evolved over the past two decades, the current approach is to create and compose course-grained components that can be
to create applications. J2EE supports this model.
The classic design pattern for J2EE is to use servlets and JSP for presentation ”generation of HTML or XML and interaction with the client ”and transactional components via EJB. The development and deployment models treat these components as reusable, with
interfaces that may be developed by multiple
and assembled to create applications. J2EE is intended to facilitate the creation and deployment of these software components. An emerging and popular approach to achieve modularity is the service-oriented software methodology that is being realized in the form of Web services.
Enterprises are not homogeneous islands of software technology purchased from a single software vendor. The reality is that the information technology propelling
is purchased from multiple vendors, creating heterogeneous environments that are often difficult to integrate. J2EE and evolving standards, such as Web Services, work to bridge the gaps by offering a set of interoperable and platform-independent technologies. It is possible to produce J2EE applications that can be written on one platform and deployed in another. Servlets, JSP, and EJB applications can be developed and
on a workstation and deployed on multiple mainframes or departmental servers. Each of these platforms may have
different hardware and operating system architectures, but the J2EE model isolates the applications from many of these differences.
One of the most challenging aspects of application development and deployment is security. Most application developers are domain experts, not well versed in the
of information technology (IT) security. Correctly configuring software to prevent security breaches can be daunting, as witnessed by the number of security flaws
in popular desktop operating systems, applications, and Web servers. In fact, some enterprises have
to outsource their IT security to external security services providers. J2EE mitigates the difficulty of developing new secure applications by providing a development and deployment model that separates security policy and enforcement from application implementation. The design of J2EE is structured such that the developers are not required to be versed in security design and implementation. Security-configuration decisions can be deferred until the application is deployed, or installed. The J2EE containers ”the middleware that runs the servlet, JSP, and EJB software ”provide a broad range of standard security services that can be configured during the deployment of the applications. Removing security-
code from application code has a significant benefit. Security policies are no longer embedded within the applications. Therefore, it is far easier to change enterprise security policies and upgrade security services. In fact, it is no longer necessary to modify the application code to effect the changes. Changes to security policies are managed through the J2EE containers by the system administrator.
1.5.3 Time Is of the Essence
No matter what business you are in, bringing your product to market at a reasonable cost in a
manner is essential. Software development and IT security are critical
, particularly in a complex world with many important technical standards. Java technologies, and J2EE in particular, simplify what would
be a formidable task. J2EE
together the elements essential for creating useful and secure applications that can be developed and deployed in a heterogeneous world. The J2EE framework provides
function and structure that reduce the time to market for the development of new applications and integration with existing systems and services. The remainder of this book elaborates on Java and J2EE security, providing a practical approach that includes examples.