Chapter 7. Security and Cryptography

Security is one of the key features that has made Java as successful as it has been. The Java security architecture includes access control mechanisms that allow untrusted programs, such as applets, to be executed safely, without fear that they will cause malicious damage, steal company secrets, or otherwise wreak havoc. The access control mechanisms used by Java have changed substantially between Java 1.0 and 1.2; we’ll discuss the Java 1.2 mechanisms in this chapter.

Access control is only one half of the Java security architecture, however. The other half is authentication. The java.security package and its subpackages allow you to create and verify cryptographic checksums and digital signatures, to prove whether a Java class file (or any other file) is authentic, that is, whether it truly comes from the source that it purports to be from. The authentication API has also changed as Java has evolved, and I cover the Java 1.2 API here.

The access control and authentication aspects of the Java security architecture are closely coupled. Access control is about granting privileges only to trusted code. But what code should you trust? If you know which people and organizations to trust (which is ultimately a social, not technological, problem), you can use authentication technologies such as digital signatures to allow you to trust the Java class files from those people and organizations.
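The following added example (not code from the book) illustrates the checksum and digital signature operations of the `java.security` package described above, and why a signature rather than a bare checksum is what ties a file to a trusted source. It assumes a current JDK and uses SHA-256 and RSA, which are not the algorithms of the Java 1.2 era; the class name, sample bytes, and key pairs are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class AuthenticityDemo {
    // Checksum: detects modification, but anyone can recompute it for altered data.
    static byte[] checksum(byte[] data) throws GeneralSecurityException {
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    // Signature: only the holder of the private key can produce it.
    static byte[] sign(byte[] data, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    // Verification needs only the public key of the source you decided to trust.
    static boolean verify(byte[] data, byte[] sig, PublicKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample standing in for the bytes of a class file.
        byte[] original = "constructed sample: bytes of Example.class".getBytes(StandardCharsets.UTF_8);
        byte[] modified = original.clone();
        modified[0] ^= 0x01; // one flipped bit

        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair trusted = gen.generateKeyPair(); // hypothetical trusted publisher
        KeyPair unknown = gen.generateKeyPair(); // hypothetical unrelated key

        byte[] published = checksum(original);
        byte[] sig = sign(original, trusted.getPrivate());

        System.out.println("checksum, intact file:    " + MessageDigest.isEqual(published, checksum(original)));
        System.out.println("checksum, modified file:  " + MessageDigest.isEqual(published, checksum(modified)));
        System.out.println("signature, intact file:   " + verify(original, sig, trusted.getPublic()));
        System.out.println("signature, modified file: " + verify(modified, sig, trusted.getPublic()));
        System.out.println("signature, wrong key:     " + verify(original, sig, unknown.getPublic()));
    }
}
```

Only the intact file checked against the trusted public key verifies; the checksum alone proves integrity only if the published checksum itself reached you through a channel you trust.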

Cryptography is closely related to, but not part of, ...
