Chapter 16. Epilogue

In this book, we have described the security of the Java 2 Enterprise Edition platform. After introducing the general concepts of Java and network security, we have outlined the security of the core J2EE technologies: Java Servlet, JavaServer Pages, and Enterprise JavaBeans. Then, we covered the architecture of Java 2 Standard Edition security and the Java 2 permission model, showing how it is augmented by Java Authentication and Authorization Service. Given that cryptography has become an essential part of any security system, we have detailed the general concepts of secret-key and public-key cryptography and have shown how these technologies can be used in the Java Cryptography Architecture, Java Cryptography Extension, Java Secure Socket Extension, Public-Key Cryptography Standards, and Secure/Multipurpose Internet Mail Extensions. Finally, we have discussed the security implications of the emerging Web Services technology in a J2EE environment and have concluded by showing what security considerations a J2EE container provider should take into account when designing and developing a J2EE product.

This short chapter represents the epilogue of this long adventure through enterprise Java security. We believe that J2EE is a powerful platform to create secure computer systems. Because of its unique design, J2EE offers many safety and security advantages over alternative approaches. In this book, we have illustrated this fact and, we hope, given you some insight into how to create secure enterprise Java applications, how to use J2EE to protect assets, and how to do so securely.