Start of Tutorial > Start of Trail > Start of Lesson

Search Feedback Form

What Does the JDK Security API Provide?

The JDK Security API is a Java core API, built around the java.security package (and its subpackages).

API Methods

Clients can call API methods to incorporate security functionality into their applications, including for

• using cryptography services implemented by the built-in "SUN" provider and/or other provider packages. These services include digital signature, message digest, key generation, and random number generation algorithms; keystore creation and management services; algorithm parameter generation and management services; and key and certificate "factories" for creating keys or certificates from existing material (e.g., encodings).

• adding security checks to ensure a caller has a specified customized permission (see Customizing the Security Features).

• marking code "privileged" so it can exercise more permissions than the caller has.

• getting or setting values of system-wide security properties.

The Generating and Verifying Signatures lesson shows how to write programs using the cryptography aspects of the JDK Security API to generate (or import) keys, generate a digital signature for data using the private key, and verify the authenticity of a signature.

The Implementing Your Own Permission lesson illustrates defining your own permission, adding security checks to your code to ensure a caller has the specified permission, and marking code as "privileged".

The Quick Tour of Controlling Applications lesson includes a GetProps program that gets the values of the "user.home" and "java.home" properties.

Customization of the Security Features

The API enables clients to define and integrate their own

• new Permissions.

• cryptography service implementations (in one or more provider packages).

• SecurityManager implementation (to replace the default implementation otherwise automatically loaded for applets, and for applications whose execution was requested to have a security manager).

• Policy implementation (to replace the default built-in implementation).

The Implementing Your Own Permission lesson illustrates defining your own permission and adding security checks to your code to ensure a caller has the specified permission.

The latter two (SecurityManager and Policy) implementation replacements will be done rarely (e.g., by virtual machine implementors) and are beyond the scope of this tutorial.

Adding a cryptography service implementation is something that is expected to be done by a larger number of developers, but it also is beyond the scope of this tutorial. See How to Implement a Provider for the Java Cryptography Architecture on the public java.sun.com web site for a detailed description of the clearly-defined steps required to implement a provider package supplying one or more cryptography services.

What about Encryption and Decryption?

APIs for data encryption and decryption, together with some default algorithm implementations, are released separately in a "Java Cryptography Extension" (JCE) as an add-on package to the JDK, in accordance with U.S. export control regulations. They are not covered by this trail.

Start of Tutorial > Start of Trail > Start of Lesson

Search Feedback Form

Copyright 1995-2005 Sun Microsystems, Inc. All rights reserved.