I finished the parts of Java Security that are relevant to authentication and authorization. The simple security stuff in Java is pretty interesting but, of course, limited to the single user of the VM, so pretty useless to my day-to-day programming life. The writeup of this section was just fine: maybe because I wasn't expecting anything beyond a description of the simple functionality this layer gives.
The single chapter on JAAS, while educational, wasn't the "complete" overview I was hoping for. I'd really like a good example of using JAAS to do security in a multi-user system where permissions are dynamic and permissioning can be done over instances, not just overall actions or types. That is, if I understand correctly from what I've heard, "data driven security."
I skipped over the part on cryptography, signing things, and all that gobbledygook. I'm sure it's interesting, but my immediate interests aren't enough to pull me through reading about that kind of stuff.
Sadly, there don't seem to be many other books solely about security in Java. It'd be great if there were one just about JAAS with lots of examples of how to use it in practical ways.
Read: Java Security, 2nd Edition