Java security evolution and concepts, Part 5

J2SE 1.4 offers numerous improvements to Java security

Early on, Java security focused on resisting executable content threats -- security risks caused by malicious or poorly designed code. From that beginning, Java security measures evolved to provide security based on where code came from and who signed it. More recently, Java security has improved further to provide user and pluggable authentication, as well as SSL (Secure Sockets Layer) and other key management and cryptography support.

This article, the last of five in the Java security series, follows the examples introduced in Part 3 and briefly revisits the optional packages covered in Part 4. By revisiting the examples from earlier articles, we can reinforce concepts and understand what has changed in the interim.

After an overview of those security features that have changed between J2SE (Java 2 Platform, Standard Edition) 1.3 and the upcoming J2SE 1.4, this article digs deeper into the new packages included in 1.4. The first of the newer packages is the Java Certification Path (CertPath) API, which supports certificate chain manipulation. Second is the Java GSS-API (JGSS), which contains the Java bindings for the Generic Security Services Application Program Interface (GSS-API) for standardized access to a variety of security services and a framework for a single sign-on.

Overview of changes

First, let's quickly look at the changes between J2SE 1.3 and 1.4.

Optional packages move into the 1.4 core

The most obvious change between J2SE 1.3 security and 1.4 is that the optional packages (examined in Part 4) will move into 1.4's core security structure:

  • Java Authentication and Authorization Service (JAAS): A framework for performing user-based authentication
  • Java Cryptography Extension (JCE): A framework for using strong ciphers on a global basis
  • Java Secure Socket Extension (JSSE): Support for SSL and TLS (Transport Layer Security)


Each of the aforementioned packages will be available on every J2SE 1.4 installation, obviating the need to install them explicitly.

New 1.4 packages

Besides moving the optional packages into the J2SE core, J2SE 1.4 will also feature two new security packages:

  • Java CertPath API: Classes, methods, and interfaces to build and validate certificate chains
  • JGSS API: Java bindings for the Generic Security Services API


The bulk of this article will be devoted to looking into these two packages.

Other changes

Because JAAS becomes an integral part of core security, access control is no longer based solely on code source (i.e., where the code is from and who signed it), but also on who is running the code. Accordingly, both the Policy files and the graphical Policy tool have been enhanced to accommodate the changes.
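
The difference between a code-source grant and a user-based grant, shown as an added example that is not code from the original article: the comment holds a constructed policy file, and the class checks the same permission with and without an authenticated Subject. The codeBase and file paths, the principal name `duke`, and the `ExamplePrincipal` and `PrincipalPolicyDemo` classes are assumptions; the code uses Java 8 syntax and assumes a JDK on which the Security Manager is still available.

```java
import java.io.FilePermission;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Collections;
import javax.security.auth.Subject;
/* Constructed policy (example.policy); all paths and names are assumptions.
 * Run with: java -Djava.security.manager -Djava.security.policy=example.policy PrincipalPolicyDemo
 *
 *   // Code-source grant: holds for anyone running code from this location.
 *   grant codeBase "file:/opt/example/app/-" {
 *       permission javax.security.auth.AuthPermission "doAsPrivileged";
 *   };
 *   // Principal grant: same code, but only while it runs as user "duke".
 *   grant codeBase "file:/opt/example/app/-", Principal ExamplePrincipal "duke" {
 *       permission java.io.FilePermission "/opt/example/data/report.txt", "read";
 *   };
 */
public class PrincipalPolicyDemo {
    static final FilePermission READ_REPORT =
            new FilePermission("/opt/example/data/report.txt", "read");
    // True if the current access control context is granted READ_REPORT.
    static boolean allowed() {
        try { AccessController.checkPermission(READ_REPORT); return true; }
        catch (AccessControlException e) { return false; }
    }

    public static void main(String[] args) {
        // Stand-in for the Subject a JAAS LoginContext yields after login().
        Subject duke = new Subject(true,
                Collections.singleton(new ExamplePrincipal("duke")),
                Collections.emptySet(), Collections.emptySet());
        System.out.println("code source only: " + allowed());
        // A null context makes the decision depend on this code plus duke's principals.
        PrivilegedAction<Boolean> check = PrincipalPolicyDemo::allowed;
        System.out.println("running as duke:  " + Subject.doAsPrivileged(duke, check, null));
    }
}
// Hypothetical Principal implementation, matched by the policy on class name and getName().
class ExamplePrincipal implements Principal {
    private final String name;
    ExamplePrincipal(String name) { this.name = name; }
    public String getName() { return name; }
    @Override public boolean equals(Object o) {
        return o instanceof ExamplePrincipal && ((ExamplePrincipal) o).name.equals(name);
    }
    @Override public int hashCode() { return name.hashCode(); }
}
```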
