Security has been a hallmark of the Java platform since its inception. The topic of security covers many different areas: there is the default Java security model, which prevents untrusted code from performing potentially dangerous operations; cryptographic algorithms like digital signatures and key management that are built into the core Java platform; cryptographic operations such as encryption (including SSL) that are available as extensions to the Java platform; and user authentication and authorization.
In this tutorial, we'll give an overview of the entire security architecture of the Java platform and then delve into three aspects of that architecture. First, we'll examine the default Java sandbox, how it works to prevent untrusted code from performing certain operations, how it can be altered by end users and system administrators, and how you can develop your own programs that modify the operation of the sandbox.
Next, we'll look into the Java extensions that perform encryption, including those that perform SSL encryption.
Finally, we'll look into the Java Authentication and Authorization Service, which allows server code to be run only by users that have presented the appropriate credentials.
Course Outline:
- Introduction
  - Overview of the Java security model and architecture
- The Java Sandbox
  - Working with the default sandbox
  - Working with the security tools (jarsigner, keytool, etc.)
  - Programmatic techniques to modify the sandbox
- Encryption
  - General encryption APIs
  - SSL
- Authentication
  - JAAS
Prerequisites:
Participants should have a basic understanding of Java programming. A knowledge of security fundamentals (digital signatures, certificates, etc.) is helpful but not required; we present the "how-to" of these operations without a lot of rationale about them.