Core Security Patterns: Best Practices and Strategies for J2EE™, Web Services, and Identity Management

By Ramesh Nagappan, Christopher Steel and Ray Lai
First edition, 800 pages
ISBN 0131463071

Description

Core Security Patterns is the hands-on practitioner’s guide to building robust end-to-end security into J2EE enterprise applications, Web services, identity management systems, and service provisioning solutions. Written by three leading Java security architects, the patterns-based approach fully reflects today's best practices for security in large-scale, industrial-strength applications.

The authors explain the fundamentals of Java application security from the ground up, then introduce a powerful structured security methodology, a vendor-independent security framework, a detailed assessment checklist, and twenty-three proven security architectural patterns. They walk through several realistic scenarios, covering architecture and implementation and presenting detailed sample code. They demonstrate how to apply cryptographic techniques, obfuscate code, establish secure communication, secure J2ME applications, authenticate and authorize users, fortify Web services, and even enable effective single sign-on identity management.

Core Security Patterns covers all this, and more:

  • What works and what doesn’t: best Java application security practices, and common pitfalls to avoid
  • Implementing key Java platform security features in real-world applications
  • Establishing state-of-the-art Web services security using XML Signature, XML Encryption, XKMS, WS-Security, and WS-I Basic security profiles
  • Designing identity management and service provisioning systems using SAML, Liberty, XACML, and SPML
  • Architecting and implementing federated identity management systems
  • Securing J2EE applications that must interoperate with Microsoft .NET
  • Defensive strategies, proactive security assessment techniques, and evaluation checklists
  • End-to-end case study: architecting, designing, and implementing an end-to-end security solution for a large-scale J2EE enterprise application