Writing a book on Java security has been a challenge for a number of reasons, not the least of which is that the security APIs have been radically changing over the past year. Java 1.1 introduced many of the APIs we’ll be discussing in this book, including the notion of a security provider that supplies an implementation of the security package. Java 1.2 introduced significant changes to the security package as well as a new fundamental security object called the “access controller,” which takes on much of the responsibility that has resided with the security manager since Java 1.0.
For the most part, we assume that developers using this book will be using the Java 2 platform, and our primary focus will be on the Java Development Kit (JDK) from Sun Microsystems. However, for developers using 1.1, we will provide full details of what’s available in 1.1 and what has changed in Java 2; in some cases, this information has changed so radically that it is relegated to an appendix. Complicating all of this is that while overall there are few differences between the 1.2 beta releases of the JDK and the Java 2 platform, many of the important differences occur in the security APIs. Unlike the first printing of this book, which focused on the 1.2 beta 3 release, this printing covers the API as it exists only in the Java 2 platform.
For the most part, we do not track changes between 1.0 and 1.1 in this book.
Most of the examples used in this book are available via FTP from the O’Reilly web site, http://www.oreilly.com. A few of the examples have been withheld from the online distribution because of U.S. restrictions on the export of cryptography.