“GlassFish Security” by Masoud Kalali lives up to the motto printed on its cover — “Community Experience Distilled.”

The book is efficient, has a clean layout and contains a logical progression of current JAVA EE and GlassFish Specific security topics.  Mercifully, the author avoids the conversational “filler” found in many books which cover IT related topics resulting in heavy tomes where one must hunt for information that is relevant.

The first chapter is useful in that it quickly defines the terms and describes the concepts that either a developer or administrator will require in understanding how to secure an application that is targeted toward the GlassFish application server. Also, the author made a good choice in using a jdbc realm as his first realm example. Directory Services are becoming more popular but there are many of us who are still developing applications where our authentication schemes will be supported by groups and roles already defined in our company’s or customer’s existing database systems. That being said Mr. Kalali furnishes us with a fine chapter on the OpenDS directory server for those of us that would like to get started with an LDAP v3 directory server often used to store this kind of hierarchical user/role information. The book also covers more advanced topics relevant to larger organizations and applications including Single Source Sign.

The work produced by Mr. Kalali has benefited by the time and attention of the editors at Packet publishing. “GlassFish Security” is a pleasant physical product. The book is well formatted, well bound and its use of fonts and screen shots is clear and consistent. Formatting that is “easy on the eyes” is, for someone who spends many hours looking and computer screens and reading programming and systems manuals, something that is appreciated in a book of this kind. Packt has done a nice job on this aspect of the product. Excellent layout and formatting appears to be a signature of several recent Packt titles. Keep up the good work Packt!

Long gone are the days when developers can generate software applications without consideration of the application’s security. If you are developing Java EE 6 applications, or are responsible for the administration of applications that resides in the GlassFish application server, “GlassFish Security” should be included in your project reference material.