Table of Contents

  1. Chapter 1 Java Application Security

    1. What Is Security?

    2. Software Used in This Book

    3. The Java Sandbox

    4. Security Debugging

    5. Summary

  2. Chapter 2 The Default Sandbox

    1. Elements of the Java Sandbox

    2. Permissions

    3. Keystores

    4. Code Sources

    5. Policy Files

    6. The Default Sandbox

    7. The java.security File

    8. Comparison with Previous Releases

    9. Summary

  3. Chapter 3 Java Language Security

    1. Java Language Security Constructs

    2. Enforcement of the Java Language Rules

    3. Comparisons with Previous Releases

    4. Summary

  4. Chapter 4 The Security Manager

    1. Overview of the Security Manager

    2. Operating on the Security Manager

    3. Methods of the Security Manager

    4. Comparison with Previous Releases

    5. Summary

  5. Chapter 5 The Access Controller

    1. The CodeSource Class

    2. Permissions

    3. The Policy Class

    4. Protection Domains

    5. The AccessController Class

    6. Guarded Objects

    7. Comparison with Previous Releases

    8. Summary

  6. Chapter 6 Java Class Loaders

    1. The Class Loader and Namespaces

    2. Class Loading Architecture

    3. Implementing a Class Loader

    4. Miscellaneous Class Loading Topics

    5. Comparison with Previous Releases

    6. Summary

  7. Chapter 7 Introduction to Cryptography

    1. The Need for Authentication

    2. The Role of Authentication

    3. Cryptographic Engines

    4. Summary

  8. Chapter 8 Security Providers

    1. The Architecture of Security Providers

    2. The Provider Class

    3. The Security Class

    4. The Architecture of Engine Classes

    5. Comparison with Previous Releases

    6. Summary

  9. Chapter 9 Keys and Certificates

    1. Keys

    2. Generating Keys

    3. Key Factories

    4. Certificates

    5. Keys, Certificates, and Object Serialization

    6. Comparison with Previous Releases

    7. Summary

  10. Chapter 10 Key Management

    1. Key Management Terms

    2. The keytool

    3. The Key Management API

    4. A Key Management Example

    5. Secret Key Management

    6. Comparison with Previous Releases

    7. Summary

  11. Chapter 11 Message Digests

    1. Using the Message Digest Class

    2. Secure Message Digests

    3. Message Digest Streams

    4. Implementing a MessageDigest Class

    5. Comparison with Previous Releases

    6. Summary

  12. Chapter 12 Digital Signatures

    1. The Signature Class

    2. Signed Classes

    3. Implementing a Signature Class

    4. Comparison with Previous Releases

    5. Summary

  13. Chapter 13 Cipher-Based Encryption

    1. The Cipher Engine

    2. Cipher Streams

    3. Sealed Objects

    4. Comparison with Previous Releases

    5. Summary

  14. Chapter 14 SSL and HTTPS

    1. An Overview of SSL and JSSE

    2. SSL Client and Server Sockets

    3. SSL Sessions

    4. SSL Contexts and Key Managers

    5. Miscellaneous SSL Issues

    6. The HTTPS Protocol Handler

    7. Debugging JSSE

    8. Summary

  15. Chapter 15 Authentication and Authorization

    1. JAAS Overview

    2. Simple JAAS programming

    3. Simple JAAS Administration

    4. Advanced JAAS Topics

    5. Summary

  1. Appendix The java.security File

  2. Appendix Security Resources

    1. Security Bugs

    2. Third-Party Security Providers

    3. Security References

  3. Appendix Identity-Based Key Management

    1. Javakey

    2. Identities

    3. Identity Scopes

    4. Key Management in an Identity Scope

    5. Summary

  4. Appendix The Secure Java Container

    1. The 1.1-Based Class Loader

    2. The 1.1-Based Security Manager

    3. Running Secure Applications

    4. Summary

  5. Appendix Implementing a JCE Security Provider

  6. Appendix Quick Reference

    1. Package java.security

    2. Package java.security.cert

    3. Package java.security.interfaces

    4. Package java.security.spec

    5. Package javax.crypto

    6. Package javax.crypto.interfaces

    7. Package javax.crypto.spec

    8. Package javax.net

    9. Package javax.net.ssl

    10. Package javax.security.auth

    11. Package javax.security.auth.callback

    12. Package javax.security.auth.login

    13. Package javax.security.auth.spi

    14. Package javax.security.cert

    15. Package com.sun.net.ssl

    16. Package com.sun.security.auth

    17. Package com.sun.security.auth.login

    18. Package com.sun.security.auth.module

    19. Miscellaneous Packages

  7. Colophon