Preface

Java Application Security
  What Is Security?
  Software Used in This Book
  The Java Sandbox
  Security Debugging
  Summary

The Default Sandbox
  Elements of the Java Sandbox
  Permissions
  Keystores
  Code Sources
  Policy Files
  The Default Sandbox
  The java.security File
  Comparison with Previous Releases
  Summary

Java Language Security
  Java Language Security Constructs
  Enforcement of the Java Language Rules
  Comparisons with Previous Releases
  Summary

The Security Manager
  Overview of the Security Manager
  Operating on the Security Manager
  Methods of the Security Manager
  Comparison with Previous Releases
  Summary

The Access Controller
  The CodeSource Class
  Permissions
  The Policy Class
  Protection Domains
  The AccessController Class
  Guarded Objects
  Comparison with Previous Releases
  Summary

Java Class Loaders
  The Class Loader and Namespaces
  Class Loading Architecture
  Implementing a Class Loader
  Miscellaneous Class Loading Topics
  Comparison with Previous Releases
  Summary

Introduction to Cryptography
  The Need for Authentication
  The Role of Authentication
  Cryptographic Engines
  Summary

Security Providers
  The Architecture of Security Providers
  The Provider Class
  The Security Class
  The Architecture of Engine Classes
  Comparison with Previous Releases
  Summary

Keys and Certificates
  Keys
  Generating Keys
  Key Factories
  Certificates
  Keys, Certificates, and Object Serialization
  Comparison with Previous Releases
  Summary

Key Management
  Key Management Terms
  The keytool
  The Key Management API
  A Key Management Example
  Secret Key Management
  Comparison with Previous Releases
  Summary

Message Digests
  Using the Message Digest Class
  Secure Message Digests
  Message Digest Streams
  Implementing a MessageDigest Class
  Comparison with Previous Releases
  Summary

Digital Signatures
  The Signature Class
  Signed Classes
  Implementing a Signature Class
  Comparison with Previous Releases
  Summary

Cipher-Based Encryption
  The Cipher Engine
  Cipher Streams
  Sealed Objects
  Comparison with Previous Releases
  Summary

SSL and HTTPS
  An Overview of SSL and JSSE
  SSL Client and Server Sockets
  SSL Sessions
  SSL Contexts and Key Managers
  Miscellaneous SSL Issues
  The HTTPS Protocol Handler
  Debugging JSSE
  Summary

Authentication and Authorization
  JAAS Overview
  Simple JAAS programming
  Simple JAAS Administration
  Advanced JAAS Topics
  Summary

The java.security File

Security Resources

Identity-Based Key Management

The Secure Java Container

Implementing a JCE Security Provider

Quick Reference

Index