Java Standard Edition

JW's Most Read

JW's Top 5

Featured White Papers

Sponsored Links

Sponsored Links

Optimize with a SATA RAID Storage Solution
Range of capacities as low as $1250 per TB. Ideal if you currently rely on servers/disks/JBODs

JavaWorld.com > Java Standard Edition >

Java security: How to install the security manager and customize your security policy

Learn about the security manager and the Java API, what remains unprotected by the security manager, and security beyond the JVM architecture

By Bill Venners, JavaWorld.com, 11/01/97

Print
Feedback

Page 4 of 7

In general, a "check" method of the security manager throws a security exception if the checked-upon activity is forbidden, and simply returns if the activity is permitted. Therefore, the procedure a Java API method generally follows when it is about to perform a potentially unsafe activity involves two steps. First, the Java API code checks whether a security manager has been installed. If not, it doesn't move to step two but goes ahead with the potentially unsafe action. If a security manager has been installed, the API code enacts step two, which is to call the appropriate "check" method in the security manager. If the action is forbidden, the "check" method will throw a security exception, which will cause the Java API method to abort immediately. The potentially unsafe action will never be taken. If, on the other hand, the action is permitted, the "check" method will simply return. In this case, the Java API method carries on and performs the potentially unsafe action.

Print
Feedback

More from JavaWorld

More from CITEworld

Resources

The book The Java virtual machine Specification (http://www.aw.com/cp/lindholm-yellin.html), by Tim Lindholm and Frank Yellin (ISBN 0-201-63452-X), part of The Java Series (http://www.aw.com/cp/javaseries.html), from Addison-Wesley, is the definitive Java virtual machine reference.
Secure Computing with JavaNow and the Future (a whitepaper) http://www.javasoft.com/marketing/collateral/security.html
Applet Security FAQ http://www.javasoft.com/sfaq/
Low Level Security in Java, by Frank Yellin http://www.javasoft.com/sfaq/verifier.html
The Java Security Home Page http://www.javasoft.com/security/
See the Hostile Applets Home Page http://www.math.gatech.edu/~mladue/HostileApplets.html
For more information about authentication in JDK 1.1, see http://www.javasoft.com/products/jdk/1.1/docs/guide/security/index.html.
A whitepaper that describes the various aspects of Java's overall security strategy is http://www.javasoft.com/security/whitepaper.html.
The book Java SecurityHostile Applets, Holes, and Antidotes, by Dr. Gary McGraw and Ed Felton, gives a thorough analysis of security issues surrounding Java. http://www.rstcorp.com/java-security.html
Previous "Under The Hood" articles
The Lean, Mean Virtual Machine -- Gives an introduction to the Java virtual machine.
The Java Class File Lifestyle -- Gives an overview of the Java class file, the file format into which all Java programs are compiled.
Java's Garbage- Collected Heap -- Gives an overview of garbage collection in general and the garbage-collected heap of the Java virtual machine in particular.
Bytecode Basics -- Introduces the bytecodes of the Java virtual machine, and discusses primitive types, conversion operations, and stack operations in particular.
Floating Point Arithmetic -- Describes the Java virtual machine's floating-point support and the bytecodes that perform floating point operations.
Logic and Arithmetic -- Describes the Java virtual machine's support for logical and integer arithmetic, and the related bytecodes.
Objects and Arrays -- Describes how the Java virtual machine deals with objects and arrays, and discusses the relevant bytecodes.
Exceptions -- Describes how the Java virtual machine deals with exceptions, and discusses the relevant bytecodes.
Try-Finally -- Describes how the Java virtual machine implements try-finally clauses, and discusses the relevant bytecodes.
Control Flow -- Describes how the Java virtual machine implements control flow and discusses the relevant bytecodes.
The Architecture of Aglets -- Describes the inner workings of aglets, IBM's autonomous Java-based software agent technology.
The Point of Aglets -- Analyzes the real-world utility of mobile agents such as aglets, IBM's autonomous Java- based software agent technology.
Method Invocation and Return -- Describes the four ways the Java virtual machine invokes methods, including the relevant bytecodes.
Thread Synchronization -- Shows how thread synchronization works in the Java virtual machine. Discusses the bytecodes for entering and exiting monitors.
Java's Security Architecture -- Gives an overview of the security model built into the JVM and looks at the JVM's built-in safety features.
Security and Class Loaders -- Shows how the JVM's class loader architecture contributes to Java's overall security strategy.
Security and the Class Verifier -- Explains how the class verifier fits into the JVM's security architecture.

RESEARCH CENTERS: Java Standard Edition | Java Enterprise Edition | Java Micro Edition | Development Tools

About Us | Advertise | Contact Us | Terms of Service/Privacy

Copyright, 2006-2008 Network World, Inc. All rights reserved.