0.4. Organization of This Book
This book is organized in a bottom-up fashion: we begin with the very
low-level aspects of Java security and then proceed to the more
Chapter 1, "Java Application Security"
This chapter gives an overview of the security model (the Java sandbox) used in Java applications and sets the stage for the rest of the book.
Chapter 2, "Java Language Security"
This chapter discusses the memory protections built into the Java language, how those protections provide a measure of security, and how they are enforced by the bytecode verifier.
Chapter 3, "Java Class Loaders"
This chapter discusses the class loader, which is the class that reads in Java class files and turns them into classes. From a security perspective, the class loader is important in determining where classes originated and whether or not they were digitally signed (and if so, by whom), so the topic of class loaders appears throughout this book.
Chapter 4, "The Security Manager Class"
This chapter discusses the security manager, which is the primary interface to application-level security in Java. The security manager is responsible for arbitrating access to all local resources: files, the network, printers, etc.
Chapter 5, "The Access Controller"
The access controller is the basis for security manager implementations in Java 1.2. This chapter discusses how to use the access controller to achieve fine-grained levels of security in your application.
Chapter 6, "Implementing Security Policies"
This chapter ties together the information on the security manager and the access controller and shows how to implement one or both to achieve a desired security policy in your application.
Chapter 7, "Introduction to Cryptography"
This chapter provides an overview to the cryptographic algorithms of the Java security package. It provides a background for the remaining chapters in the book.
Chapter 8, "Security Providers"
This chapter discusses the architecture of the Java security package, and how that architecture may be used to extend or supplant the default cryptographic algorithms that come with the JDK.
Chapter 9, "Message Digests"
This chapter discusses message digests: how to create them, how to use them, and how to implement them.
Chapter 10, "Keys and Certificates"
This chapter discusses the APIs available to model cryptographic keys and certificates, and how those keys and certificates may be electronically transmitted.
Chapter 11, "Key Management"
This chapter discusses how keys can be managed within a Java program: how and where they may be stored and how they can be retrieved and validated.
Chapter 12, "Digital Signatures"
This chapter discusses how to create, use, and implement digital signatures. This chapter also contains a discussion of signed classes.
Chapter 13, "Encryption"
This chapter discusses the Java Cryptography Extension, which allows developers to encrypt and decrypt arbitrary streams of traffic.
Appendix A, "Security Tools"
This appendix discusses the administrative tools that come with Java that enable end users and administrators to work with the Java security model: keytool, jarsigner, and policytool.
Appendix B, "Identity-Based Key Management"
Key management in Java 1.1 was radically different than the systems we explored in the main text. This appendix discusses how key management was handled in Java 1.1; it uses classes that are still present (but are deprecated) in 1.2.
Appendix C, "Security Resources"
This appendix discusses how to keep up-to-date with information about Java's security implementation, including a discussion of Java security bugs and general resources for further information.
Appendix D, "Quick Reference"
This appendix is a simple reference guide to the classes that are discussed in this book.
Copyright © 2001 O'Reilly & Associates. All rights reserved.