The Importance of Java Technology

Java is one of the most popular software technologies in the industry today. With the power of platform-independence, portability, and vendor-independence, Java has become a vital component of most IT infrastructures in businesses, organizations, and communities worldwide. Sun Microsystems has achieved Java support on every possible computing device by defining different platform editions, such Java 2 Standard Edition (J2SE), Java 2 Enterprise Edition (J2EE), Java 2 Micro Edition (J2ME), and the Java Card Platform Edition. With overwhelming successes, the Java 2 Enterprise Edition (J2EE) platform is the platform of choice for developing and deploying large-scale Web-centric enterprise-class application solutions. The Java 2 Micro Edition and Java Card Platform have become the de facto platforms for enabling and delivering application solutions on microdevices and smart cards, respectively. Widely adopted as a secure and reliable middleware platform in the software industry, Java runs on a variety of platforms and devicesfrom wallet-sized smart cards to huge mainframe computers to power-up mission-critical applications that deliver secure network communications. Java technology has also been well-accepted in industries involved with gaming, automobiles, space-based telemetry, embedded devices, and real-time processing.

Today, Java provides the software industry with a standardized platform that is continuously evolving through an open community-based process (Java Community Process). This process engages a variety of enterprise computing vendors to ensure that the platform meets the widest possible range of industry and business requirements. As a result, Java addresses the core issues that impede organizations' efforts to maintain a competitive pace in the exploding information economy.

Security in the Java Platform

Java was originally designed for network-based computing, and so security measures were an integral part of Java's design from the beginning. Java's security model differs greatly from traditional approaches and competing platforms. First, most operating systems permit applications to access system resources, and it is the administrator's or the users' responsibility to set permissions and protect the exposed resources from unauthorized access. More importantly, users must verify the application's authenticity before executing it and must assume it does not contain any viruses or malicious programs. These are the common drawbacks in popular operating systems; they rely on the end user to perform the application verification and trust before executing it. In comparison, Java takes a proactive approach by addressing security as an integral part of its core platform. It allows users to download and execute untrusted applications without any undue risk by restricting such code to their own sandbox. This sandbox mechanism protects the resources from potential vulnerabilities so that the downloaded program cannot access or alter the user's resources beyond the sandbox. Java also provides end-to-end security of an application beyond its underlying platform, ensuring security at all levels, including its users, components, services, and communications.

Because a key focus of this book is the security of Java-based applications and services, we will study and explore the details of Java security architecture in the next few chapters.