book

Java Security

by Scott Oaks

May 1998

Intermediate to advanced

469 pages

14h 57m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Anatomy of a Java Application
Outline of the JavaRunner ApplicationBuilt-in Java Application Security
Java Language Security ConstructsObject Serialization and Memory Integrity
Compiler EnforcementThe Bytecode VerifierInside the bytecode verifierDelayed bytecode verificationControlling bytecode verificationRuntime Enforcement
Security and the Class LoaderClass Loaders and Security EnforcementClass Loaders and Namespaces
The Internal Class LoaderThe Applet Class LoaderThe RMI Class LoaderThe Secure Class LoaderThe URL Class LoaderChoosing the Right Class Loader
Implementing the ClassLoader ClassProtected methods in the ClassLoader classImplementing the SecureClassLoader ClassProtected methods of the SecureClassLoader classImplementing Security Policies in the Class Loader
Loading from Multiple SitesA JAR File Class Loader
DelegationLoading ResourcesLoading Libraries
Overview of the Security ManagerSecurity Managers and the Java API
Setting a Security ManagerMethods Relating to File AccessMethods Relating to Network AccessMethods Protecting the Java Virtual MachineMethods Protecting Program ThreadsMethods Protecting System ResourcesMethods Protecting Security Aspects
The CodeSource Class
The Permission ClassPermissions of the Java APIUsing the Permission ClassThe BasicPermission ClassPermission CollectionsThe Permissions Class
The Default Policy
Protected Methods of the Security ManagerThe Class Loader DepthProtected Instance Variables in the Security Manager
The Class Loader and the Security Manager
Utility ClassesImplementing Network AccessNetwork Permissions in the Class LoaderImplementing Thread SecurityImplementing Package AccessEstablishing a Security Policy in 1.2Establishing a 1.1 Security PolicyThe RMI security managerA complete 1.1 security managerImplementing the file access methodsImplementing network, thread, and package accessImplementing miscellaneous methods
The Secure JavaRunner ProgramThe Secure Java Launcher
The Need for AuthenticationAuthor AuthenticationData AuthenticationJava’s Role in Authentication
Message DigestsCryptographic KeysDigital SignaturesEncryption Engines
The Architecture of Security ProvidersComponents of the ArchitectureChoosing a Security Provider
Using the Provider ClassImplementing the Provider Class
The Security Class and the Security Manager
Using the Message Digest ClassSecure Message Digests
The DigestOutputStream ClassThe DigestInputStream Class
KeysThe Key InterfaceDSA keysThe KeyPair Class
Using the KeyPairGenerator ClassGenerating DSA KeysImplementing a Key Pair Generator
Using the KeyFactory classImplementing a Key FactoryKey SpecificationsThe EncodedKeySpec classThe AlgorithmParameterSpec interfaceA Key Factory Example
The Certificate ClassThe CertificateFactory ClassThe X509Certificate ClassAdvanced X509Certificate MethodsRevoked Certificates
Overview of Key ManagementPrincipals
Installing a KeyStore Class
The Signature ClassUsing the Signature ClassThe SignedObject ClassSigning and Certificates
Reading Signed JAR FilesThe Signed JAR File and Security Policies
Export Restrictions
Secret Keys
The KeyGenerator ClassUsing the KeyGenerator classImplementing a KeyGenerator classThe SecretKeyFactory ClassSecret key specificationsThe secret key factory SPI
Using the Cipher ClassCipher AlgorithmsImplementing the Cipher Class
The CipherOutputStream ClassThe CipherInputStream ClassSSL Encryption
The keytoolGlobal Options to keytoolAdding a Certificate EntryAdding a Key EntryModifying Keystore EntriesDeleting Keystore EntriesExamining Keystore DataImporting a 1.1-Based Identity DatabaseMiscellaneous Commands
Creating a Signed JAR FileVerifying a JAR File
Managing Policy CodebasesManaging PermissionsManaging Certificate Entries
The java.security FileThe java.policy File
IdentitiesThe Identity ClassUsing the identity classImplementing an Identity classThe Identity class and the security managerSignersUsing the Signer classImplementing a signerSigners and the security manager
Using the IdentityScope ClassWriting an Identity ScopeIdentityScope and the Security Manager
Implementing an Identity ClassImplementing a Signer ClassA Shared System Identity ScopeCreating Identities
Security BugsJava Security BugsTracking Security Bugs
Package java.security

Content preview from Java Security

Summary

Because the notion of security in Java is pervasive, its implementation is equally pervasive. In this chapter, we’ve explored the security mechanisms that are built into the Java language itself. Essentially, at this level the security mechanisms are concerned with establishing a set of rules for the Java language that creates an environment where an object’s view of memory is well-known and well-defined, so that a developer can ensure that items in memory cannot be accidentally or intentionally read, corrupted, or otherwise misused. We also took a brief look at Java’s bytecode verifier, including why it is necessary, and why you should turn it on, even for Java applications.

It’s important to keep in mind that the purpose of these security constraints is to protect the user’s machine from a malicious piece of code and not to protect a piece of code from a malicious user. Java does not (and could not) prevent a user from acting on memory from outside the browser (with possibly harmful results).

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 1565924037Supplemental Content Catalog Page Errata

Java Security

by Scott Oaks

Summary

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Java Security Handbook

Java Security, 2nd Edition

Java APIs, Extensions and Libraries: With JavaFX, JDBC, jmod, jlink, Networking, and the Process API

Deploying Zone-Based Firewalls

Publisher Resources