Sun Java Solaris Communities My SDN Account Join SDN
» search tips 
Sun Developer Network
Developers Home > Java Technology > Java SE > Technologies >
 

Java SE Security

Many technologies, one platform
Java SE technologies provide the functionality to develop and run applications
» Get Java SE
Active TabTechnologies
  
Begin Product Tab Sub Links At a Glance Core Database Desktop Accessibility Active Sub Link Security Tools Web Services Real-Time

Java SE Security


Java security technology includes a large set of APIs, tools, and implementations of commonly used security algorithms, mechanisms, and protocols. The Java security APIs span a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control. Java security technology provides the developer with a comprehensive security framework for writing applications, and also provides the user or administrator with a set of tools to securely manage applications.

Java SE Security Documentation J2SE 1.4.2 | J2SE 5.0 | Java SE 6

 
Other Resources:  
 
Java SE Security Overview

Underlying the Java SE Platform is a dynamic, extensible security architecture, standards-based and interoperable. Security features — cryptography, authentication and authorization, public key infrastructure, and more — are built in. The Java security model is based on a customizable "sandbox" in which Java software programs can run safely, without potential risk to systems or users.

The table below describes each security feature in more detail and points you to resources with more information.

See the Java SE 6 Security Documentation for further information on the security features and changes for the current release.

High-level Features

Low-level Features

Benefits

References

Platform Security

Built-in language security features enforced by the Java compiler and virtual machine:

  • Strong data typing

  • Automatic memory management

  • Bytecode verification

  • Secure class loading

Provides a safe and secure platform for developing and running applications. Compile-time data type checking and automatic memory management leads to more robust code and reduces memory corruption and vulnerabilities. Bytecode verification ensures code conforms to the JVM specification and prevents hostile code from corrupting the runtime environment. Class loaders ensure that untrusted code cannot interfere with the running of other Java programs.

Cryptography

  • Comprehensive API with support for a wide range of cryptographic services including digital signatures, message digests, ciphers (symmetric, asymmetric, stream & block), message authentication codes, key generators and key factories

  • Support for a wide range of standard algorithms including RSA, DSA, AES, Triple DES, SHA, PKCS#5, RC2, and RC4.

  • PKCS#11 cryptographic token support

Provides an extensible, full featured API for building secure applications:

  • Algorithm and implementation independent

  • Provider-based (pluggable) architecture

Authentication and Access Control

  • Abstract authentication APIs that can incorporate a wide range of login mechanisms through a pluggable architecture.

  • A comprehensive policy and permissions API that allows the developer to create and administer applications requiring fine-grained access to security-sensitive resources.

Enables single sign-on of multiple authentication mechanisms and fine-grained access to resources based on the identity of the user or code signer.  Recent support (in JDK 5) for timestamped signatures makes it easier to deploy signed code by avoiding the need to re-sign code when the signer's certificate expires. 


Secure Communications

APIs and implementations for the following standards-based secure communications protocols: Transport Layer Security (TLS), Secure Sockets Layer (SSL), Kerberos (accessible through GSS-API), and the Simple Authentication and Security Layer (SASL). Full support for HTTPS over SSL/TLS is also included.

Authenticates peers over an untrusted network and protects the integrity and privacy of data transmitted between them.

Public Key Infrastructure (PKI)

Tools for managing keys and certificates and comprehensive, abstract APIs with support for the following features and algorithms:

  • Certificates and Certificate Revocation Lists (CRLs): X.509

  • Certification Path Validators and Builders: PKIX (RFC 3280), On-line Certificate Status Protocol (OCSP)

  • KeyStores: PKCS#11, PKCS#12

  • Certificate Stores (Repositories): LDAP, java.util.Collection

Eases the development and deployment of complex PKI applications. Recent support (in JDK 5) for OCSP provides a more scalable and timely method for applications to check certificate revocation status.
Java SE Site Map
 
Update Your Java Runtime Environment
Related Information
The Java Language
Java Communications API
Java Telephony API
Java SE Core Technologies FAQs
Tech Tips
Sample Code
Forums
Bug Database
Java SE Blogs
 
Related Resources
Java SE for Business
Compatibility
Performance
Security
Mobility
Timezone Updates
 
Related Downloads
XML and Web Services
Java Media Framework
 
Popular Topics
JDK 6 Adoption Guide
Java Platform Migration Guide (PDF)
Garbage Collection Tuning
Troubleshooting Java SE
 
Sun Resources
BigAdmin (sysadmin resources)
Sun Web Learning Center
Java Training
 
Related Sites
java.com
java.net
NetBeans
Java EE SDK
OpenJDK Project
Open-Source Java Project
 
 
Getting Started?
New to Java Center
Java Tutorial: Getting Started
Tutorials
Quizzes
Java SE Training
 
About Sun  |  About This Site  |  Newsletters  |  Contact Us  |  Employment
How to Buy  |  Licensing  |  Terms of Use  |  Privacy  |  Trademarks
 

 
Copyright Sun Microsystems, Inc.
A Sun Developer Network Site

Unless otherwise licensed, code in all technical manuals herein (including articles, FAQs, samples) is provided under this License.
 
XML Sun Developer RSS Feeds