Chapter 13. Java Security

Security becomes ever more important as people flock to the Web and a large number of sites (such as Amazon and online banks) store personal information about their customers, and as custom enterprise solutions serve multiple users. Java provides security in two major ways. Java Cryptography provides user identification/authentication and signing of digital messages. The Java Authentication and Authorization Service (JAAS) provides programmatic access control and user authorization, granting access to various program features based on permissions and security policies. This chapter gives you a solid foundation in these APIs and shows you how to use them effectively. It also discusses the digital signing of XML documents, which is new in JDK 6.

The Java implementation of security addresses many standard facets of security such as access control, public/private key generation and management, signing of digital content, and management of digital certificates. This chapter looks at what Java provides in its various security packages and delves into the concepts of security.

Java Cryptography Architecture and Java Cryptography Extension (JCA/JCE)

The Java Cryptography Architecture (JCA) was first introduced in JDK 1.1. Since its initial release, the JCA has grown from providing APIs for digital signatures and message digests to including certificate management and fine-grained configurable access control. The other important features ...
