Chapter 7. J2SE Security Fundamentals


Java technology is not just for applets any more. Developers now use Java technology to build stand-alone, enterprise-class applications to enable disparate clients, such as workstations, personal computers, Java-based network computers, mobile telephones, and personal digital assistants, to access legacy databases and share applications across the network.

The J2EE security architecture builds on the basic characteristics of J2SE security. It is therefore helpful to understand J2SE security before studying the advanced features J2EE offers. This chapter describes the basic J2SE security model and introduces all the main concepts related to Java security. Chapter 8 discusses the Java 2 permission model, and Chapter 9 focuses on how Java Authentication and Authorization Service (JAAS) augments the basic permission model by providing user authentication and authorization. Readers who are already experienced with the basic J2SE security model can quickly glance through this part of the book or even skip it entirely. However, readers who do not have a solid background on J2SE security will find that this material will help them understand J2EE security.

The J2SE security model has evolved and matured over the years and has become very complex and articulated.

We begin this chapter by discussing access restrictions to classes, interfaces, methods, and fields. We then cover the three legs of Java security, which are three fundamental security components of the Java Runtime Environment:

  1. Class loaders. Class loaders determine how and when Java programs can load code and are ultimately responsible for loading it. From a security perspective, class loaders ensure that system-level components within the runtime environment are not replaced with untrusted code.

  2. Class file verifier. The class file verifier ensures proper formatting of nonsystem code by verifying that the bytecode does not violate the type-safety restrictions of the JVM, that internal stacks cannot overflow and underflow, and that the bytecode instructions will have correctly typed arguments.

  3. Security manager. The security manager, implemented as an instance of java.lang.SecurityManager, enforces runtime access control restrictions on attempts to perform file and network I/O operations, create a new class loader, manipulate java.lang.Threads and java.lang.ThreadGroups, start processes on the underlying operating system, terminate the JVM, load non-Java libraries (native code) into the JVM, perform certain types of windowing system operations, load certain types of classes into the JVM, instantiate a new SecurityManager, change the current SecurityManager, access system and security properties, and so on. For example, the Java sandbox, which severely constrains downloaded, untrusted applets to a limited set of functions that are considered to be relatively safe, is a function of the SecurityManager. No more than one SecurityManager can be active at any given time in a JVM.
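The class loader guarantee in item 1 can be observed directly. The following is an added example, not code from the book; the class names SystemClassProtectionDemo, UntrustedLoader and java.lang.Replaced are hypothetical. It shows that a custom loader delegates system classes to its parent and is refused when it tries to define a class inside the java.* namespace.

```java
public class SystemClassProtectionDemo {

    // Hypothetical loader standing in for a component that loads
    // classes from an untrusted source (assumption for illustration).
    static class UntrustedLoader extends ClassLoader {
        UntrustedLoader(ClassLoader parent) {
            super(parent);
        }

        // Attempts to define a class with a caller-chosen name from raw bytes.
        Class<?> defineFromBytes(String name, byte[] bytes) {
            return defineClass(name, bytes, 0, bytes.length);
        }
    }

    public static void main(String[] args) throws Exception {
        UntrustedLoader loader =
            new UntrustedLoader(SystemClassProtectionDemo.class.getClassLoader());

        // 1. Core classes are owned by the bootstrap loader, which the
        //    API reports as null.
        System.out.println("Loader of String: " + String.class.getClassLoader());

        // 2. Parent-first delegation: asking the custom loader for a system
        //    class yields the very same Class object the runtime already uses,
        //    so the custom loader never gets to supply its own copy.
        Class<?> viaCustom = loader.loadClass("java.lang.String");
        System.out.println("Same String class: " + (viaCustom == String.class));

        // 3. Defining a new class in the java.* namespace from a custom
        //    loader is refused by ClassLoader.defineClass. The bytes are
        //    constructed (empty) because the name check rejects the request.
        try {
            loader.defineFromBytes("java.lang.Replaced", new byte[0]);
            System.out.println("UNEXPECTED: class was defined");
        } catch (SecurityException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```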

Figure 7.1 shows a simplified view of the JVM, from which we can see where the three security legs fit in the architecture of the JVM.

Figure 7.1. JVM Components


This chapter is useful for anyone who wants to understand the foundation of Java security. J2EE product providers in particular will find this chapter helpful in understanding how they can customize class loaders and the SecurityManager to achieve more sophisticated control over the security implementation of their J2EE products.



Enterprise Java™ Security: Building Secure J2EE™ Applications
ISBN: 0321118898
EAN: 2147483647
Year: 2004
Pages: 164
