Includes index.

Java Application Security -- What Is Security? -- The Java Sandbox -- Security Debugging -- The Default Sandbox -- Elements of the Java Sandbox -- Keystores -- Code Sources -- Policy Files -- The Default Sandbox -- The java.security File -- Comparison with Previous Releases -- Java Language Security -- Java Language Security Constructs -- Enforcement of the Java Language Rules -- Comparisons with Previous Releases -- The Security Manager -- Overview of the Security Manager -- Operating on the Security Manager -- Methods of the Security Manager -- Comparison with Previous Releases -- The Access Controller -- The CodeSource Class -- The Policy Class -- Protection Domains -- The AccessController Class -- Guarded Objects -- Comparison with Previous Releases -- Java Class Loaders -- The Class Loader and Namespaces -- Class Loading Architecture -- Implementing a Class Loader -- Miscellaneous Class Loading Topics -- Comparison with Previous Releases -- Introduction to Cryptography -- The Need for Authentication -- The Role of Authentication -- Cryptographic Engines -- Security Providers -- The Architecture of Security Providers -- The Provider Class -- The Security Class -- The Architecture of Engine Classes -- Comparison with Previous Releases -- Keys and Certificates -- Keys -- Generating Keys -- Key Factories -- Certificates -- Keys, Certificates, and Object Serialization -- Comparison with Previous Releases -- Key Management -- Key Management Terms -- The keytool -- The Key Management API -- A Key Management Example -- Secret Key Management -- Comparison with Previous Releases -- Message Digests -- Using the Message Digest Class -- Secure Message Digests -- Message Digest Streams -- Implementing a MessageDigest Class -- Comparison with Previous Releases -- Digital Signatures -- The Signature Class -- Signed Classes -- Implementing a Signature Class -- Comparison with Previous Releases -- Cipher-Based Encryption -- The Cipher Engine -- Cipher Streams -- Sealed Objects -- Comparison with Previous Releases -- SSL and HTTPS -- An Overview of SSL and JSSE -- SSL Client and Server Sockets -- SSL Sessions -- SSL Contexts and Key Managers -- Miscellaneous SSL Issues -- The HTTPS Protocol Handler -- Debugging JSSE -- Authentication and Authorization -- JAAS Overview -- Simple JAAS programming -- Simple JAAS Administration -- Advanced JAAS Topics -- The Java.security File -- Security Resources -- Identity-Based Key Management -- The Secure Java Container -- Implementing a JCE Security Provider -- Quick Reference.

One of Java's most striking claims is that it provides a secure programming environment. Yet despite endless discussion, few people understand precisely what Java's claims mean and how it backs up those claims. If you're a developer, network administrator or anyone else who must understand or work with Java's security mechanisms, Java Security is the in-depth exploration you need.The new second edition focuses on the basic platform features of Java that provide security--the class loader, the bytecode verifier, and the security manager--and recent additions to Java that enhance this security model: digital signatures, security providers, and the access controller. The book covers the security model of Java 2, Version 1.3, which is significantly different from that of Java 1.1. It has extensive coverage of the two new security APIs: JAAS (Java Authentication and Authorization Service) and JSSE (Java Secure Sockets Extension). Java Security, 2nd Edition, will give you a clear understanding of the architecture of Java's security model and how to use that model in both programming and administration.