Home · About · A-Z Index · Search · Contacts · Press · Register · LoginSecurity Forum |
Return to Security home pageCurrent work:- MGIS - PKI Useful links: |
Java
Security Historically, Java security has been considered in terms of providing a sandbox, or virtual machine, restricting the capabilities of downloaded "applet" code in order to limit the potential damage that code could cause. Java is now increasingly being used in other environments while the concept of mobile code is still an important one, Java code is also used in stand-alone application programs, on both sides of client-server applications, and as part of distributed service architectures. The Java security model has evolved along with this wider usage to include several factors in access control decisions, such as the origin of object classes (both physical location and originator/author), the execution context (which other classes were involved in invoking the operation) and the principals (such as a human user's identity). The foundation of the Java security model is that objects are themselves responsible for protecting resources which they encapsulate, by defining a permission class to represent the access rights, and invoking a shared security manager object to determine if a caller has been granted access rights to a specific resource instance. This type of programmatic access control has been complemented in the Java 2 Platform Enterprise Edition (J2EE) by the notion of declarative security, that is access control of reusable application components enforced by object containers according to security roles defined when the application is deployed. Declarative security removes the need for application component providers to implement their own security controls, and allows a consistent security policy to be defined even for applications constructed from multiple vendors' components. Recent developments in Java security include a specification effort to unify the enforcement mechanisms used by objects to protect their own resources and by containers to protect application components, allowing third-party security policy engines and security management tools to be used. That specification is being developed within the Java Community ProcessSM (see http://www.jcp.org/jsr/detail/115.jsp). The Open Group Security Forum is not currently engaged in any work items focused specifically on Java security, although Java security classes will be covered in several of the "Known Implementations" sections in the Guide to Security Patterns. Java Security Links
Recommended Books
Java Security Discussion Groups
Java and J2EE are trademarks of Sun Microsystems, Inc. Craig Heath, 22 Oct 2001 |
Events
Members Only
Who to Contact |
Home · Contacts · Legal · Copyright · Members · News |
|||
© The Open Group 1995-2020 |
|||
|