book

Java in a Nutshell, 5th Edition

by David Flanagan

March 2005

Intermediate to advanced

1254 pages

104h 21m

English

O'Reilly Media, Inc.

Read now

Unlock full access

1.1.1. The Java Programming Language1.1.2. The Java Virtual Machine1.1.3. The Java Platform1.1.4. Versions of Java
1.2.1. Write Once, Run Anywhere1.2.2. Security1.2.3. Network-Centric Programming1.2.4. Dynamic, Extensible Programs1.2.5. Internationalization1.2.6. Performance1.2.7. Programmer Efficiency and Time-to-Market
1.3.1. Compiling and Running the Program1.3.2. Analyzing the Program1.3.2.1. Comments1.3.2.2. Defining a class1.3.2.3. Defining a method1.3.2.4. Declaring a variable and parsing input1.3.2.5. Computing the result1.3.2.6. Displaying output1.3.2.7. The end of a method1.3.2.8. Blank lines1.3.2.9. Another method1.3.2.10. Checking for valid input1.3.2.11. An important variable1.3.2.12. Looping and computing the factorial1.3.2.13. Returning the result1.3.3. Exceptions
2.2.1. The Unicode Character Set2.2.2. Case-Sensitivity and Whitespace2.2.3. Comments2.2.4. Reserved Words2.2.5. Identifiers2.2.6. Literals2.2.7. Punctuation
2.3.1. The boolean Type2.3.2. The char Type2.3.3. Strings2.3.4. Integer Types2.3.5. Floating-Point Types2.3.6. Primitive Type Conversions
2.4.1. Operator Summary2.4.1.1. Precedence2.4.1.2. Associativity2.4.1.3. Operand number and type2.4.1.4. Return type2.4.1.5. Side effects2.4.1.6. Order of evaluation2.4.2. Arithmetic Operators2.4.3. String Concatenation Operator2.4.4. Increment and Decrement Operators2.4.5. Comparison Operators2.4.6. Boolean Operators2.4.7. Bitwise and Shift Operators2.4.8. Assignment Operators2.4.9. The Conditional Operator2.4.10. The instanceof Operator2.4.11. Special Operators
2.5.1. Expression Statements2.5.2. Compound Statements2.5.3. The Empty Statement2.5.4. Labeled Statements2.5.5. Local Variable Declaration Statements2.5.6. The if/else Statement2.5.6.1. The else if clause2.5.7. The switch Statement2.5.8. The while Statement2.5.9. The do Statement2.5.10. The for Statement2.5.11. The for/in Statement2.5.11.1. Iterable and iterator2.5.11.2. What for/in cannot do2.5.12. The break Statement2.5.13. The continue Statement2.5.14. The return Statement2.5.15. The synchronized Statement2.5.16. The throw Statement2.5.16.1. Exception types2.5.17. The try/catch/finally Statement2.5.17.1. try2.5.17.2. catch2.5.17.3. finally2.5.18. The assert Statement2.5.18.1. Compiling assertions2.5.18.2. Enabling assertions2.5.18.3. Using assertions
2.6.1. Defining Methods2.6.2. Method Modifiers2.6.3. Declaring Checked Exceptions2.6.4. Variable-Length Argument Lists2.6.5. Covariant Return Types
2.7.1. Defining a Class2.7.2. Creating an Object2.7.3. Using an Object2.7.4. Object Literals2.7.4.1. String literals2.7.4.2. Type literals2.7.4.3. The null reference
2.8.1. Array Types2.8.1.1. Array type widening conversions2.8.1.2. C compatibility syntax2.8.2. Creating and Initializing Arrays2.8.2.1. Array initializers2.8.3. Using Arrays2.8.3.1. Accessing array elements2.8.3.2. Array bounds2.8.3.3. Iterating arrays2.8.3.4. Copying arrays2.8.3.5. Array utilities2.8.4. Multidimensional Arrays
2.9.1. Reference vs. Primitive Types2.9.2. Copying Objects2.9.3. Comparing Objects2.9.4. Terminology: Pass by Value2.9.5. Memory Allocation and Garbage Collection2.9.6. Reference Type Conversions2.9.7. Boxing and Unboxing Conversions
2.10.1. Package Declaration2.10.2. Globally Unique Package Names2.10.3. Importing Types2.10.3.1. Naming conflicts and shadowing2.10.4. Importing Static Members2.10.4.1. Static member imports and overloaded methods
3.2.1. Field Declaration Syntax3.2.2. Class Fields3.2.3. Class Methods3.2.4. Instance Fields3.2.5. Instance Methods3.2.5.1. How instance methods work3.2.5.2. Instance methods or class methods?3.2.6. Case Study: System.out.println( )
3.3.1. Defining a Constructor3.3.2. Defining Multiple Constructors3.3.3. Invoking One Constructor from Another3.3.4. Field Defaults and Initializers3.3.4.1. Initializer blocks
3.4.1. Garbage Collection3.4.2. Memory Leaks in Java3.4.3. Object Finalization
3.5.1. Extending a Class3.5.1.1. Final classes3.5.2. Superclasses, Object, and the Class Hierarchy3.5.3. Subclass Constructors3.5.4. Constructor Chaining and the Default Constructor3.5.4.1. The default constructor3.5.4.2. Finalizer chaining?3.5.5. Hiding Superclass Fields3.5.6. Overriding Superclass Methods3.5.6.1. Overriding is not hiding3.5.6.2. Dynamic method lookup3.5.6.3. Final methods and static method lookup3.5.6.4. Invoking an overridden method
3.6.1. Access Control3.6.1.1. Access to packages3.6.1.2. Access to classes3.6.1.3. Access to members3.6.1.4. Access control and inheritance3.6.1.5. Member access summary3.6.2. Data Accessor Methods
3.8.1. toString()3.8.2. equals( )3.8.3. hashCode( )3.8.4. Comparable.compareTo( )3.8.5. clone()
3.9.1. Defining an Interface3.9.1.1. Extending interfaces3.9.2. Implementing an Interface3.9.2.1. Implementing multiple interfaces3.9.3. Interfaces vs. Abstract Classes3.9.4. Marker Interfaces3.9.5. Interfaces and Constants
3.10.1. Static Member Types3.10.1.1. Features of static member types3.10.1.2. Restrictions on static member types3.10.1.3. Syntax for static member types3.10.2. Nonstatic Member Classes3.10.2.1. Features of member classes3.10.2.2. Restrictions on member classes3.10.2.3. Syntax for member classes3.10.2.3.1. Accessing superclass members of the containing class3.10.2.3.2. Specifying the containing instance3.10.2.4. Scope versus inheritance3.10.3. Local Classes3.10.3.1. Features of local classes3.10.3.2. Restrictions on local classes3.10.3.3. Syntax for local classes3.10.3.4. Scope of a local class3.10.3.5. Local variables, lexical scoping, and closures3.10.4. Anonymous Classes3.10.4.1. Features of anonymous classes3.10.4.2. Restrictions on anonymous classes3.10.4.3. Syntax for anonymous classes3.10.4.4. When to use an anonymous class3.10.4.5. Anonymous class indentation and formatting3.10.5. How Nested Types Work3.10.5.1. Static member type implementation3.10.5.2. Nonstatic member class implementation3.10.5.3. Local and anonymous class implementation
4.1.1. Typesafe Collections4.1.2. Understanding Generic Types4.1.2.1. Raw types and unchecked warnings4.1.2.2. The parameterized type hierarchy4.1.2.3. Runtime type safety4.1.2.4. Arrays of parameterized type4.1.3. Type Parameter Wildcards4.1.3.1. Bounded wildcards4.1.4. Writing Generic Types and Methods4.1.4.1. Type variable bounds4.1.4.2. Wildcards in generic types4.1.4.3. Generic methods4.1.4.4. Invoking generic methods4.1.4.5. Generic methods and arrays4.1.4.6. Parameterized exceptions4.1.5. Generics Case Study: Comparable and Enum
4.2.1. Enumerated Types Basics4.2.1.1. Enumerated types are classes4.2.1.2. Features of enumerated types4.2.2. Using Enumerated Types4.2.2.1. Enums and the switch statement4.2.2.2. EnumMap4.2.2.3. EnumSet4.2.3. Advanced Enum Syntax4.2.3.1. The class body of an enumerated type4.2.3.2. Implementing an interface4.2.3.3. Value-specific class bodies4.2.3.3.1. When to use value-specific class bodies4.2.3.4. Restrictions on enum types4.2.4. The Typesafe Enum Pattern
4.3.1. Annotation Concepts and Terminology4.3.2. Using Standard Annotations4.3.2.1. Override4.3.2.2. Deprecated4.3.2.3. SuppressWarnings4.3.3. Annotation Syntax4.3.3.1. Annotation member types and values4.3.3.2. Annotation targets4.3.3.3. Annotations and defaults4.3.4. Annotations and Reflection4.3.5. Defining Annotation Types4.3.6. Meta-Annotations4.3.6.1. Target4.3.6.2. Retention4.3.6.3. Documented4.3.6.4. Inherited
5.2.1. The String Class5.2.2. The Character Class5.2.3. The StringBuffer Class5.2.4. The CharSequence Interface5.2.5. The Appendable Interface5.2.6. String Concatenation5.2.7. String Comparison5.2.8. Supplementary Characters5.2.9. Formatting Text with printf() and format( )5.2.10. Logging5.2.11. Pattern Matching with Regular Expressions5.2.12. Tokenizing Text5.2.13. StringTokenizer
5.3.1. Mathematical Functions5.3.2. Random Numbers5.3.3. Big Numbers5.3.4. Converting Numbers from and to Strings5.3.5. Formatting Numbers
5.4.1. Milliseconds and Nanoseconds5.4.2. The Date Class5.4.3. The Calendar Class5.4.4. Formatting Dates and Times
5.6.1. The Collection Interface5.6.2. The Set Interface5.6.3. The List Interface5.6.4. The Map Interface5.6.5. The Queue and BlockingQueue Interfaces5.6.6. Collection Wrappers5.6.7. Special-Case Collections5.6.8. Converting to and from Arrays5.6.9. Collections Utility Methods5.6.10. Implementing Collections
5.7.1. Creating, Running, and Manipulating Threads5.7.1.1. Thread lifecycle5.7.1.2. Thread priorities5.7.1.3. Handling uncaught exceptions5.7.2. Making a Thread Sleep5.7.3. Running and Scheduling Tasks5.7.3.1. Scheduling tasks with Timer5.7.3.2. The Executor interface5.7.3.3. ExecutorService5.7.3.4. ScheduledExecutorService5.7.4. Exclusion and Locks5.7.4.1. The java.util.concurrent.locks package5.7.4.2. Deadlock5.7.5. Coordinating Threads5.7.5.1. wait( ) and notify()5.7.5.2. Waiting on a Condition5.7.5.3. Waiting for a thread to finish5.7.5.4. Synchronizer utilities5.7.6. Thread Interruption5.7.7. Blocking Queues5.7.8. Atomic Variables
5.8.1. RandomAccessFile
5.9.1. Reading Console Input5.9.2. Reading Lines from a Text File5.9.3. Writing Text to a File5.9.4. Reading a Binary File5.9.5. Compressing Data5.9.6. Reading ZIP Files5.9.7. Computing Message Digests5.9.8. Streaming Data to and from Arrays5.9.9. Thread Communication with Pipes
5.10.1. Networking with the URL Class5.10.2. Working with Sockets5.10.3. Secure Sockets with SSL5.10.4. Servers5.10.5. Datagrams5.10.6. Testing the Reachability of a Host
5.11.1. Basic Buffer Operations5.11.2. Basic Channel Operations5.11.3. Encoding and Decoding Text with Charsets5.11.4. Working with Files5.11.5. Client-Side Networking5.11.6. Server-Side Networking5.11.7. Nonblocking I/O
5.12.1. Parsing XML with SAX5.12.2. Parsing XML with DOM5.12.3. Transforming XML Documents5.12.4. Validating XML Documents5.12.5. Evaluating XPath Expressions
5.13.1. Class Objects5.13.2. Reflecting on a Class5.13.3. Dynamic Class Loading5.13.4. Dynamic Proxies
5.14.1. Serialization5.14.2. JavaBeans Persistence
5.15.1. Message Digests5.15.2. Digital Signatures5.15.3. Signed Objects
5.16.1. Secret Keys5.16.2. Encryption and Decryption with Cipher5.16.3. Encrypting and Decrypting Streams5.16.4. Encrypted Objects
5.17.1. Properties5.17.2. Preferences5.17.3. Processes5.17.4. Management and Instrumentation
6.4.1. Java 1.0: The Sandbox6.4.1.1. How the sandbox works6.4.2. Java 1.1: Digitally Signed Classes6.4.3. Java 1.2: Permissions and Policies6.4.3.1. How policies and permissions work
6.5.1. Security for System Programmers6.5.2. Security for Application Programmers6.5.3. Security for System Administrators6.5.4. Security for End Users
7.3.1. Structure of a Doc Comment7.3.2. Doc-Comment Tags7.3.3. Inline Doc Comment Tags7.3.4. Cross-References in Doc Comments7.3.5. Doc Comments for Packages
7.4.1. Bean Basics7.4.2. Bean Classes7.4.3. Properties7.4.4. Indexed Properties7.4.5. Bound Properties7.4.6. Constrained Properties7.4.7. Events

Content preview from Java in a Nutshell, 5th Edition

Access Control

As we noted at the beginning of this chapter, the heart of the Java security architecture is access control: untrusted code simply must not be granted access to the sensitive parts of the Java API that would allow it to do malicious things. As we’ll discuss in the following sections, the Java access control model evolved significantly between Java 1.0 and Java 1.2. Since then, the access control model has been relatively stable; it has not changed significantly since Java 1.2. The next sections provide a brief history of the evolution of Java security as it developed from Java 1.0 to Java 1.2, which marked the last major changes to the security model.

Java 1.0: The Sandbox

In this first release of Java, all Java code installed locally on the system is trusted implicitly. All code downloaded over the network, however, is untrusted and run in a restricted environment playfully called “the sandbox.” The access control policies of the sandbox are defined by the currently installed java.lang.SecurityManager object. When system code is about to perform a restricted operation, such as reading a file from the local filesystem, it first calls an appropriate method (such as checkRead( )) of the currently installed SecurityManager object. If untrusted code is running, the SecurityManager throws a SecurityException that prevents the restricted operation from taking place.

The most common user of the SecurityManager class is a Java-enabled web browser, which installs a