Topics in This Chapter
Building end-to-end security into an application requires a security architecture that extends beyond the application's underlying runtime platform. Security must be extended to all levels, including users, components, services, and communications. The application security infrastructure must, without compromise, address the core security requirements: maintaining the integrity, confidentiality, and privacy of data during communication and storage, and preventing unauthorized access or damage caused by unprivileged users, along with the associated risks. Accordingly, when an organization plans to build Internet-based business applications or to enable its applications over a network, it is very important to ensure that those applications are built to meet all security requirements beyond their runtime execution environment.
In the previous chapter, we looked at the core Java platform security architecture, which provides a secure and restricted runtime environment for applications to execute safely and reliably. In addition to runtime security, the Java platform provides an extensible security architecture to support a variety of security infrastructure services, including cryptographic services; certificate interfaces and classes for managing digital certificates; Public Key Infrastructure (PKI) interfaces and classes to access, modify, and manage the key repository; certificates and secure socket communication to protect the privacy and integrity of data transmitted over the network; services for authentication and access control; and mechanisms for single sign-on access to underlying applications.
This chapter expands on the Java extensible security architecture and its API framework and discusses how to use its provider implementations and APIs to build security infrastructure in Java-based solutions. In particular, we will take an in-depth look at the core Java security API solutions and implementation strategies that contribute to building end-to-end security of Java-based application solutions. This chapter also discusses the new Java security enhancements made in the release of J2SE 5.0.