I had the chance to read this book titled "RESTful Java Web Services Security" from bit.ly/1myQc7O and here is my honest review on the same...
First chapter presented a very concrete way of setting up a development environment and a sample project. A brief on Maven is a very good read for it's beginners.
Second chapter started with an excellent illustration on importance of security and various aspects like authentication and authorization, although I feel it is more elaborated than required. Nevertheless, gives a good feeling for the readers new to security. Concrete examples are presented to explain different options for security management.
Third chapter is the place where you actually start diving deep into the core area of this book, starting with a precise differences between fine-grained and coarse-grained security. Code sample given is very good, and it is one of the common positive points for all the chapters in this book. I understand that lot of thought process must be behind framing those examples.
Fourth chapter starts with introduction to OAuth. While the explanation was brief, I felt, the OAuth process could have been explained much better with elaborative explanation. However, the implementation is clear. SSO configuration for security management was very well explained and inclusion of the (relatively) rare topic of "filters and interceptors" made this chapter a must-read. I could understand the author's extensive thought process in all the examples included in the chapter.
Final and the fifth chapter is more into the actual hard-core security concepts like Digital Signatures and the explanation was extremely well done, with the appropriate examples to apply digital signatures. The example to show how to use annotations to validate signatures is excellent.
Overall, this is a must-read book for someone wanting to develop web services for applications demanding high security. While the entire book revolves around Java as the programming language, the concepts are applicable to any language someone wishes to implement these on. Personally I felt very happy reading this book and the last chapter is the one that I enjoyed the most. I would surely recommend this book for beginner and advanced level programmers working in the relevant areas!
Well done, authors!
First chapter presented a very concrete way of setting up a development environment and a sample project. A brief on Maven is a very good read for it's beginners.
Second chapter started with an excellent illustration on importance of security and various aspects like authentication and authorization, although I feel it is more elaborated than required. Nevertheless, gives a good feeling for the readers new to security. Concrete examples are presented to explain different options for security management.
Third chapter is the place where you actually start diving deep into the core area of this book, starting with a precise differences between fine-grained and coarse-grained security. Code sample given is very good, and it is one of the common positive points for all the chapters in this book. I understand that lot of thought process must be behind framing those examples.
Fourth chapter starts with introduction to OAuth. While the explanation was brief, I felt, the OAuth process could have been explained much better with elaborative explanation. However, the implementation is clear. SSO configuration for security management was very well explained and inclusion of the (relatively) rare topic of "filters and interceptors" made this chapter a must-read. I could understand the author's extensive thought process in all the examples included in the chapter.
Final and the fifth chapter is more into the actual hard-core security concepts like Digital Signatures and the explanation was extremely well done, with the appropriate examples to apply digital signatures. The example to show how to use annotations to validate signatures is excellent.
Overall, this is a must-read book for someone wanting to develop web services for applications demanding high security. While the entire book revolves around Java as the programming language, the concepts are applicable to any language someone wishes to implement these on. Personally I felt very happy reading this book and the last chapter is the one that I enjoyed the most. I would surely recommend this book for beginner and advanced level programmers working in the relevant areas!
Well done, authors!