While it is a book of patterns, I'm curious how applicable the book is for those looking to take an existing J2EE application and existing security solution and integrate them.
I do see, however, that most developers move around a lot and end up working with many different vendor implementations. Therefore, it may make more sense for you, as a developer, to learn and use vendor-independent techniques such as those prescribed in the book. In either case, many of the patterns address problems that are not solved by any vendor implementations and must be implemented in the application. You, as the developer, should be aware of what patterns to use and when to use them.
Originally posted by Scott Selikoff:
Are there any chapters that discuss or comment about proprietary solutions? I share your view that J2EE should be vendor independent, but I've been in situations where I had to use vendor solutions and I'm curious how they fit into the mold, or if they are so different that they don't fit anywhere at all.
We carefully avoided discussing non-standard or proprietary vendor solutions. In some cases, to illustrate examples (for Web services, Identity Management and Service provisioning), we discussed security patterns using popular open-source Java frameworks such as Apache Struts, Spring, Axis, OpenSAML and OpenSPML.