Summaries |
The JDK Security API is a Java core API, built around the
java.security
package (and its subpackages).API Methods
Clients can call API methods to incorporate security functionality into their applications, including for
- using cryptography services implemented by the built-in "SUN" provider and/or other provider packages. These services include digital signature, message digest, key generation, and random number generation algorithms; keystore creation and management services; algorithm parameter generation and management services; and key and certificate "factories" for creating keys or certificates from existing material (e.g., encodings).
- adding security checks to ensure a caller has a specified customized permission (see Customizing the Security Features).
- marking code "privileged" so it can exercise more permissions than the caller has.
- getting or setting values of system-wide security properties.
The Generating and Verifying Signatures [API] lesson shows how to write programs using the cryptography aspects of the JDK Security API to generate (or import) keys, generate a digital signature for data using the private key, and verify the authenticity of a signature.
The Implementing Your Own Permission lesson illustrates defining your own permission, adding security checks to your code to ensure a caller has the specified permission, and marking code as "privileged".
The Quick Tour of Controlling Applications lesson includes a
GetProps
program that gets the values of the"user.home"
and"java.home"
properties.Customization of the Security Features
The API enables clients to define and integrate their own
The Implementing Your Own Permission lesson illustrates defining your own permission and adding security checks to your code to ensure a caller has the specified permission.
- new Permissions.
- cryptography service implementations (in one or more provider packages).
SecurityManager
implementation (to replace the default implementation otherwise automatically loaded for applets, and for applications whose execution was requested to have a security manager).
Policy
implementation (to replace the default built-in implementation).The latter two (
SecurityManager
andPolicy
) implementation replacements will be done rarely (e.g., by virtual machine implementors) and are beyond the scope of this tutorial.Adding a cryptography service implementation is something that is expected to be done by a larger number of developers, but it also is beyond the scope of this tutorial. See How to Implement a Provider for the Java Cryptography Architecture on the public
java.sun.com
web site for a detailed description of the clearly-defined steps required to implement a provider package supplying one or more cryptography services.What about Encryption and Decryption?
APIs for data encryption and decryption, together with some default algorithm implementations, are released separately in a "Java Cryptography Extension" (JCE) as an add-on package to the JDK, in accordance with U.S. export control regulations. They are not covered by this trail.
Summaries |