book

Java Security

by Scott Oaks

May 1998

Intermediate to advanced

469 pages

14h 57m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Anatomy of a Java Application
Outline of the JavaRunner ApplicationBuilt-in Java Application Security
Java Language Security ConstructsObject Serialization and Memory Integrity
Compiler EnforcementThe Bytecode VerifierInside the bytecode verifierDelayed bytecode verificationControlling bytecode verificationRuntime Enforcement
Security and the Class LoaderClass Loaders and Security EnforcementClass Loaders and Namespaces
The Internal Class LoaderThe Applet Class LoaderThe RMI Class LoaderThe Secure Class LoaderThe URL Class LoaderChoosing the Right Class Loader
Implementing the ClassLoader ClassProtected methods in the ClassLoader classImplementing the SecureClassLoader ClassProtected methods of the SecureClassLoader classImplementing Security Policies in the Class Loader
Loading from Multiple SitesA JAR File Class Loader
DelegationLoading ResourcesLoading Libraries
Overview of the Security ManagerSecurity Managers and the Java API
Setting a Security ManagerMethods Relating to File AccessMethods Relating to Network AccessMethods Protecting the Java Virtual MachineMethods Protecting Program ThreadsMethods Protecting System ResourcesMethods Protecting Security Aspects
The CodeSource Class
The Permission ClassPermissions of the Java APIUsing the Permission ClassThe BasicPermission ClassPermission CollectionsThe Permissions Class
The Default Policy
Protected Methods of the Security ManagerThe Class Loader DepthProtected Instance Variables in the Security Manager
The Class Loader and the Security Manager
Utility ClassesImplementing Network AccessNetwork Permissions in the Class LoaderImplementing Thread SecurityImplementing Package AccessEstablishing a Security Policy in 1.2Establishing a 1.1 Security PolicyThe RMI security managerA complete 1.1 security managerImplementing the file access methodsImplementing network, thread, and package accessImplementing miscellaneous methods
The Secure JavaRunner ProgramThe Secure Java Launcher
The Need for AuthenticationAuthor AuthenticationData AuthenticationJava’s Role in Authentication
Message DigestsCryptographic KeysDigital SignaturesEncryption Engines
The Architecture of Security ProvidersComponents of the ArchitectureChoosing a Security Provider
Using the Provider ClassImplementing the Provider Class
The Security Class and the Security Manager
Using the Message Digest ClassSecure Message Digests
The DigestOutputStream ClassThe DigestInputStream Class
KeysThe Key InterfaceDSA keysThe KeyPair Class
Using the KeyPairGenerator ClassGenerating DSA KeysImplementing a Key Pair Generator
Using the KeyFactory classImplementing a Key FactoryKey SpecificationsThe EncodedKeySpec classThe AlgorithmParameterSpec interfaceA Key Factory Example
The Certificate ClassThe CertificateFactory ClassThe X509Certificate ClassAdvanced X509Certificate MethodsRevoked Certificates
Overview of Key ManagementPrincipals
Installing a KeyStore Class
The Signature ClassUsing the Signature ClassThe SignedObject ClassSigning and Certificates
Reading Signed JAR FilesThe Signed JAR File and Security Policies
Export Restrictions
Secret Keys
The KeyGenerator ClassUsing the KeyGenerator classImplementing a KeyGenerator classThe SecretKeyFactory ClassSecret key specificationsThe secret key factory SPI
Using the Cipher ClassCipher AlgorithmsImplementing the Cipher Class
The CipherOutputStream ClassThe CipherInputStream ClassSSL Encryption
The keytoolGlobal Options to keytoolAdding a Certificate EntryAdding a Key EntryModifying Keystore EntriesDeleting Keystore EntriesExamining Keystore DataImporting a 1.1-Based Identity DatabaseMiscellaneous Commands
Creating a Signed JAR FileVerifying a JAR File
Managing Policy CodebasesManaging PermissionsManaging Certificate Entries
The java.security FileThe java.policy File
IdentitiesThe Identity ClassUsing the identity classImplementing an Identity classThe Identity class and the security managerSignersUsing the Signer classImplementing a signerSigners and the security manager
Using the IdentityScope ClassWriting an Identity ScopeIdentityScope and the Security Manager
Implementing an Identity ClassImplementing a Signer ClassA Shared System Identity ScopeCreating Identities
Security BugsJava Security BugsTracking Security Bugs
Package java.security

Content preview from Java Security

Summary

The class loading mechanism is integral to Java’s security features. Typically this integration is considered in light of the relationship between the class loader and the security manager. However, the class loader is important in its own right. The class loader must enforce the namespace separation between classes that are loaded from different sites (especially when these different sites are untrusted). Newer versions of the class loader (in Java 1.2) provide an easier route for developers of class loaders, and they provide more hooks into the access controller.

For sites that need a more flexible security policy, a different class loader may be desirable. For example, a class loader that allows programs within a protected, internal network to load class files from several machines on that internal network is particularly useful for extending the advantages that the Java model brings to program distribution. Other variations on this theme are possible—as long as the implementor remembers to keep the security requirements of Java’s namespace model in mind when such variations are designed.

In the next chapters, we’ll look in depth at Java’s security manager and Java’s protection domains, and see how the class loader and these features together further enforce Java’s security policies.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 1565924037Supplemental Content Catalog Page Errata

Java Security

by Scott Oaks

Summary

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Java Security Handbook

Java Security, 2nd Edition

Java APIs, Extensions and Libraries: With JavaFX, JDBC, jmod, jlink, Networking, and the Process API

Deploying Zone-Based Firewalls

Publisher Resources