One of Java's most striking claims is that it provides a secure programming environment. Yet despite endless discussion, few people understand precisely what Java's claims mean and how it backs up those claims. If you're a developer, network administrator or anyone else who must understand or work with Java's security mechanisms, Java Security is the in-depth exploration you need. Java Security, 2nd Edition, focuses on the basic platform features of Java that provide security--the class loader, the bytecode verifier, and the security manager--and recent additions to Java that enhance this security model: digital signatures, security providers, and the access controller. The book covers the security model of Java 2, Version 1.3, which is significantly different from that of Java 1.1. It has extensive coverage of the two new important security APIs: JAAS (Java Authentication and Authorization Service) and JSSE (Java Secure Sockets Extension). Java Security, 2nd Edition, will give you a clear understanding of the architecture of Java's security model and how to use that model in both programming and administration.
The book is intended primarily for programmers who want to write secure Java applications. However, it is also an excellent resource for system and network administrators who are interested in Java security, particularly those who are interested in assessing the risk of using Java and need to understand how the security model works in order to assess whether or not Java meets their security needs.
1. Java Application Security What Is Security? Software Used in This Book The Java Sandbox Security Debugging Summary. 2. The Default Sandbox Elements of the Java Sandbox Permissions Keystores Code Sources Policy Files The Default Sandbox The java.security File Comparison with Previous Releases Summary. 3. Java Language Security Java Language Security Constructs Enforcement of the Java Language Rules Comparisons with Previous Releases Summary. 4. The Security Manager Overview of the Security Manager Operating on the Security Manager Methods of the Security Manager Comparison with Previous Releases Summary. 5. The Access Controller The CodeSource Class Permissions The Policy Class Protection Domains The AccessController Class Guarded Objects Comparison with Previous Releases Summary. 6. Java Class Loaders The Class Loader and Namespaces Class Loading Architecture Implementing a Class Loader Miscellaneous Class Loading Topics Comparison with Previous Releases Summary. 7. Introduction to Cryptography The Need for Authentication The Role of Authentication Cryptographic Engines Summary. 8. Security Providers The Architecture of Security Providers The Provider Class The Security Class The Architecture of Engine Classes Comparison with Previous Releases Summary. 9. Keys and Certificates Keys Generating Keys Key Factories Certificates Keys, Certificates, and Object Serialization Comparison with Previous Releases Summary. 10. Key Management Key Management Terms The keytool The Key Management API A Key Management Example Secret Key Management Comparison with Previous Releases Summary. 11. Message Digests Using the Message Digest Class Secure Message Digests Message Digest Streams Implementing a MessageDigest Class Comparison with Previous Releases Summary. 12. Digital Signatures The Signature Class Signed Classes Implementing a Signature Class Comparison with Previous Releases Summary. 13. Cipher-Based Encryption The Cipher Engine Cipher Streams Sealed Objects Comparison with Previous Releases Summary. 14. SSL and HTTPS An Overview of SSL and JSSE SSL Client and Server Sockets SSL Sessions SSL Contexts and Key Managers Miscellaneous SSL Issues The HTTPS Protocol Handler Debugging JSSE Summary. 15. Authentication and Authorization JAAS Overview Simple JAAS programming Simple JAAS Administration Advanced JAAS Topics Summary. A. The java.security File. B. Security Resources. C. Identity-Based Key Management. D. The Secure Java Container. E. Implementing a JCE Security Provider. F. Quick Reference. Index
