O'Reilly logo

Java Security by Scott Oaks

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Organization of This Book

This book is organized in a bottom-up fashion: we begin with the very low-level aspects of Java security and then proceed to the more advanced features.

Chapter 1

This chapter gives an overview of the security model (the Java sandbox) used in Java applications and sets the stage for the rest of the book.

Chapter 2

This chapter discusses the memory protections built into the Java language, how those protections provide a measure of security, and how they are enforced by the bytecode verifier.

Chapter 3

This chapter discusses the class loader, which is the class that reads in Java class files and turns them into classes. From a security perspective, the class loader is important in determining where classes originated and whether or not they were digitally signed (and if so, by whom), so the topic of class loaders appears throughout this book.

Chapter 4

This chapter discusses the security manager, which is the primary interface to application-level security in Java. The security manager is responsible for arbitrating access to all local resources: files, the network, printers, etc.

Chapter 5

The access controller is the basis for security manager implementations in Java 1.2. This chapter discusses how to use the access controller to achieve fine-grained levels of security in your application.

Chapter 6

This chapter ties together the information on the security manager and the access controller and shows how to implement one or both to achieve a desired security policy in your application.

Chapter 7

This chapter provides an overview to the cryptographic algorithms of the Java security package. It provides a background for the remaining chapters in the book.

Chapter 8

This chapter discusses the architecture of the Java security package, and how that architecture may be used to extend or supplant the default cryptographic algorithms that come with the JDK.

Chapter 9

This chapter discusses message digests: how to create them, how to use them, and how to implement them.

Chapter 10

This chapter discusses the APIs available to model cryptographic keys and certificates, and how those keys and certificates may be electronically transmitted.

Chapter 11

This chapter discusses how keys can be managed within a Java program: how and where they may be stored and how they can be retrieved and validated.

Chapter 12

This chapter discusses how to create, use, and implement digital signatures. This chapter also contains a discussion of signed classes.

Chapter 13

This chapter discusses the Java Cryptography Extension, which allows developers to encrypt and decrypt arbitrary streams of traffic.

Appendix A

This appendix discusses the administrative tools that come with Java that enable end users and administrators to work with the Java security model: keytool, jarsigner, and policytool.

Appendix B

Key management in Java 1.1 was radically different than the systems we explored in the main text. This appendix discusses how key management was handled in Java 1.1; it uses classes that are still present (but are deprecated) in 1.2.

Appendix C

This appendix discusses how to keep up-to-date with information about Java’s security implementation, including a discussion of Java security bugs and general resources for further information.

Appendix D

This appendix is a simple reference guide to the classes that are discussed in this book.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required