Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management

[Sua] Liz Blair. Build to Spec. http://java.sun.com/developer/technicalArticles/J2EE/build/build2.html

[WebAppSecurity] Java Web Services Tutorial. http://java.sun.com/webservices/docs/1.1/tutorial/doc/WebAppSecurity3.html

[Needham] R. M. Needham and M. D. Schroeder. "Using Encryption for Authentication in Large Networks of Computers." Communications of the ACM, Vol. 21 (12), pp. 993-99.

[Kerievsky] Joshua Kerievsky, Refactoring to Patterns. Addison-Wesley, 2004.

[Vau] David Winterfeldt and Ted Husted. Struts in Action, "Chapter 12: Validating User Input." http://java.sun.com/developer/Books/javaprogramming/struts/struts_chptr_12.pdf

[POSA] Buschmann, Meunier, Rohnert, Sommerlad, and Stal. Pattern-Oriented Software ArchitectureA System of Patterns. Wiley Press, 1996-2000.

[Gof] Gamma, Helm, Johnson, Vlissides. Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley, 1994.

[EIP] Hohpe, Woolf. Enterprise Integration Patterns. Addison-Wesley, 2004

[CJP2] Alur, Crupi, and Malks. Core J2EE Patterns, Second Edition. Prentice Hall, 2003.

[Java2] The Java™ 2 runtime environment http://java.sun.com/java2

[RFC1508] RFC 1508Generic Security Service Application Program Interface http://www.faqs.org/rfcs/rfc1508.html

[RFC2743] RFC 2743Generic Security Service Application Program Interface Version 2, Update 1 http://www.faqs.org/rfcs/rfc2743.html

[JAAS] Java Authentication and Authorization Service Developer Guide http://java.sun.com/security/jaas/doc/api.html