Java Security, 2nd Edition
Table of Contents

Preface
    Who Should Read This Book?
    Versions Used in This Book
    Conventions Used in This Book
    Organization of This Book
    What's New in This Edition
    How to Contact Us
    Acknowledgments
    Feedback for the Author

Chapter 1. Java Application Security
    1.1 What Is Security?
    1.2 Software Used in This Book
    1.3 The Java Sandbox
    1.4 Security Debugging
    1.5 Summary

Chapter 2. The Default Sandbox
    2.1 Elements of the Java Sandbox
    2.2 Permissions
    2.3 Keystores
    2.4 Code Sources
    2.5 Policy Files
    2.6 The Default Sandbox
    2.7 The java.security File
    2.8 Comparison with Previous Releases
    2.9 Summary

Chapter 3. Java Language Security
    3.1 Java Language Security Constructs
    3.2 Enforcement of the Java Language Rules
    3.3 Comparisons with Previous Releases
    3.4 Summary

Chapter 4. The Security Manager
    4.1 Overview of the Security Manager
    4.2 Operating on the Security Manager
    4.3 Methods of the Security Manager
    4.4 Comparison with Previous Releases
    4.5 Summary

Chapter 5. The Access Controller
    5.1 The CodeSource Class
    5.2 Permissions
    5.3 The Policy Class
    5.4 Protection Domains
    5.5 The AccessController Class
    5.6 Guarded Objects
    5.7 Comparison with Previous Releases
    5.8 Summary

Chapter 6. Java Class Loaders
    6.1 The Class Loader and Namespaces
    6.2 Class Loading Architecture
    6.3 Implementing a Class Loader
    6.4 Miscellaneous Class Loading Topics
    6.5 Comparison with Previous Releases
    6.6 Summary

Chapter 7. Introduction to Cryptography
    7.1 The Need for Authentication
    7.2 The Role of Authentication
    7.3 Cryptographic Engines
    7.4 Summary

Chapter 8. Security Providers
    8.1 The Architecture of Security Providers
    8.2 The Provider Class
    8.3 The Security Class
    8.4 The Architecture of Engine Classes
    8.5 Comparison with Previous Releases
    8.6 Summary

Chapter 9. Keys and Certificates
    9.1 Keys