
Inside Java™ 2 Platform Security: Architecture, API Design, and Implementation, Second Edition by Mary Dageforde, Gary Ellison, Li Gong


9.9. Signing Objects

Recall the earlier discussion about the need to protect an object when it is in serialized state and during transit. In fact, quite a few situations exist in which the authenticity of an object and its state must be assured. Following are three examples.

  • An object acting as an authentication or authorization token is passed around internally to any Java runtime as part of the security system functions. Such a token must be unforgeable, and any innocent or malicious modification to its state must be detected.

  • An object is transported across machines (JVMs), and its authenticity still needs to be verified.

  • An object’s state is stored outside the Java runtime, for example, on disk for JVM restart purposes.
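
The third case above (state stored outside the runtime, where any modification must be detected) can be sketched with the standard library's `java.security.SignedObject`. This is an added example, not code from the book; the `Token` class, the key type, and the sample values are assumptions made for illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.*;

public class SignedTokenDemo {
    // Hypothetical token type for this example; any Serializable object works.
    static class Token implements Serializable {
        final String user, role;
        Token(String user, String role) { this.user = user; this.role = role; }
    }

    static byte[] store(SignedObject so) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(so); }
        return buf.toByteArray();
    }

    // Verify the signature BEFORE getObject(), which deserializes the wrapped bytes.
    static Token load(byte[] data, PublicKey key) throws Exception {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            SignedObject so = (SignedObject) in.readObject();
            if (!so.verify(key, Signature.getInstance("SHA256withECDSA")))
                throw new SignatureException("token state was modified or not signed by this key");
            return (Token) so.getObject();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256);
        KeyPair keys = kpg.generateKeyPair();

        SignedObject signed = new SignedObject(new Token("alice", "reader"),
                keys.getPrivate(), Signature.getInstance("SHA256withECDSA"));
        byte[] onDisk = store(signed);   // bytes as they would sit outside the JVM

        System.out.println("intact:   user=" + load(onDisk, keys.getPublic()).user);

        // Constructed tampering: same-length edit of the stored state ("alice" -> "admin").
        byte[] tampered = new String(onDisk, StandardCharsets.ISO_8859_1)
                .replace("alice", "admin").getBytes(StandardCharsets.ISO_8859_1);
        try {
            load(tampered, keys.getPublic());
        } catch (SignatureException e) {
            System.out.println("tampered: rejected (" + e.getMessage() + ")");
        }
    }
}
```

The signature covers only the serialized bytes wrapped inside the `SignedObject`, so the outer stream read by `readObject()` is still untrusted input and should come from a source where deserialization is acceptable.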

The class
