Inside Java™ 2 Platform Security: Architecture, API Design, and Implementation, Second Edition

Book Description

Inside Java™ 2 Platform Security, the definitive and comprehensive guide to the Java security platform, has been thoroughly updated to reflect key additions and revisions to Java security technologies currently in use by leading technology companies. This second edition, penned by the Java experts at Sun Microsystems, provides a detailed look into the central workings of the Java security architecture and describes tools and techniques for successful implementation in even the most demanding network computing environments.

While Java has always provided a stronger security model than other platforms, this book reviews all the methods and practices required to improve security without sacrificing functionality. With tips on how to customize, extend, and refine the Java security architecture, users will have everything they need to protect their information assets from both external and internal threats.

This book's in-depth coverage encompasses security architecture, deployment, customization, new developments, and much more.

  • Security fundamentals

  • Secure class loading

  • Specifying fine-grained security policy

  • Enforcing security policy with AccessController, SecurityManager, and more

  • Digital certificates, certification paths, signed code, JAAS, and other authentication measures

  • Java-based cryptography with code examples

  • JSSE, Java GSS-API, and RMI for network security

  • Previews of other platforms for security, including Java Card, J2ME and Jini

Designed for both the system administrator and software practitioner, this book delivers vital knowledge for building and maintaining a secure system using the Java 2 platform. With detailed code and usage examples throughout, Inside Java™ 2 Platform Security, Second Edition, is an indispensable resource for all platform security needs.

The Java™ Series is supported, endorsed, and authored by the creators of the Java technology at Sun Microsystems, Inc. It is the official place to go for complete, expert, and definitive information on Java technology. The books in this Series provide the inside information you need to build effective, robust, and portable applications and applets. The Series is an indispensable resource for anyone targeting the Java™ 2 platform.

    Table of Contents

    1. Copyright
    2. The Java™ Series
    3. Preface
    4. Preface to the First Edition
    5. Computer and Network Security Fundamentals
      1. Cryptography versus Computer Security
      2. Threats and Protection
      3. Perimeter Defense
      4. Access Control and Security Models
      5. Using Cryptography
      6. Authentication
      7. Mobile Code
      8. Where Java Technology–Based Security Fits In
    6. Basic Security for the Java Programming Language
      1. The Java Programming Language and Platform
      2. Original Basic Security Architecture
      3. Bytecode Verification and Type Safety
      4. Signed Applets
      5. Further Enhancements
    7. Java 2 Security Architecture
      1. Security Architecture Requirements of Java 2
      2. Overview of the Java 2 Security Architecture
      3. Architecture Summary
      4. Lessons Learned
    8. Secure Class Loading
      1. Class Files, Types, and Defining Class Loaders
      2. Well-Known Class Loader Instances
      3. Class Loader Hierarchies
      4. Loading Classes
      5. SecureClassLoader Details
      6. URLClassLoader Details
      7. Class Paths
    9. Elements of Security Policy
      1. Permissions
      2. Describing Code
      3. ProtectionDomain
      4. Security Policy
      5. Assigning Permissions
      6. Dynamic Security Policy
    10. Enforcing Security Policy
      1. SecurityManager
      2. AccessControlContext
      3. DomainCombiner
      4. AccessController
    11. Customizing the Security Architecture
      1. Creating New Permission Types
      2. Customizing Security Policy
      3. Customizing the Access Control Context
    12. Establishing Trust
      1. Digital Certificates
      2. Establishing Trust with Certification Paths
      3. Establishing Trust in Signed Code
      4. User-Centric Authentication and Authorization Using JAAS
      5. Distributed End-Entity Authentication
    13. Object Security
      1. Security Exceptions
      2. Fields and Methods
      3. Static Fields
      4. Private Object State and Object Immutability
      5. Privileged Code
      6. Serialization
      7. Inner Classes
      8. Native Methods
      9. Signing Objects
      10. Sealing Objects
      11. Guarding Objects
    14. Programming Cryptography
      1. Cryptographic Concepts
      2. Design Principles
      3. Cryptographic Services and Service Providers
      4. Core Cryptography Classes
      5. Additional Cryptography Classes
      6. Code Examples
      7. Standard Names
      8. Algorithm Specifications
    15. Network Security
      1. Java GSS-API
      2. JSSE
      3. Remote Method Invocation
    16. Deploying the Security Architecture
      1. Installing the Latest Java 2 Platform Software
      2. The Installation Directory <java.home>
      3. Setting System and Security Properties
      4. Securing the Deployment
      5. Installing Provider Packages
      6. Policy Configuration
      7. JAAS Login Configuration Files
      8. Security Tools
      9. X.500 Distinguished Names
      10. Managing Security Policies for Nonexperts
    17. Other Platforms and Future Directions
      1. Introduction to Java Card
      2. Introduction to Java 2 Micro Edition
      3. Security Enhancements on the Horizon for J2SE
      4. Brief Introduction to Jini Network Technology
      5. Brief Introduction to J2EE
      6. Client Containers
      7. Final Remarks
    18. Bibliography