J2SE, J2EE and Application Security
The life of a Java professional had never been more fun. Besides the traditional forms of enterprise application and Web application development, the emergence of XML and Web services technologies has resulted in a new Web-based distributed computing paradigm, with its own set of design, development, deployment and operations challenges. This is matched, in almost equal measures, by the growing richness of the Java platform, consisting of both the Standard Edition (J2SE) and the Enterprise Edition (J2EE), making it an apt toolchest for an increasingly complex world.
This toolchest has drawers filled with APIs, patterns, tools and conventions for different environments and different needs, waiting to be used at the right place, at the right time, and in the right way. Multiple implementations of the same APIs, sometimes from different vendors but more often freely available from the Open Source Community, allows one to pick the best of breed for a particular purpose. It is this multitude of choice and freedom that makes the life of a Java professional fun.
It is often claimed that Java is designed for secure programming from the ground up and security features are not added as an after thought. And indeed, it is quite unique in its ability to declaratively specify what a piece of code can and cannot do. Support for cryptographic operations and public key infrastructure through Java Cryptographic Architecture in J2SE is also quite remarkable. In addition, J2EE defines security characteristics for distributed processing, data access, transactions, management and other such aspects. All this makes Java an excellent platform for constructing secure enterprise applications.
|
