Security
Security enhancements for the Java 2 SDK, Standard Edition, v 1.4.1 include the following:
- Three new security tools were added in the 1.4.1 release of the Java 2 platform: kinit, klist, and ktab. These tools help users obtain, list and manage Kerberos tickets. See the Security Tools section of the Java 2 SDK Tools and Utilities documentation for more information.
- The Sun SecureRandom implementation now also makes use of an operating system-provided entropy source on Windows platforms, which can improve the startup time of cryptographic applications considerably. Edit the <java.home>/lib/security/java.security to control this feature.
- New root CA certificates with aliases baltimorecodesigningca, gtecybertrustglobalca, baltimorecybertrustca, gtecybertrustca, and gtecybertrust5ca have been added to the <java.home>/lib/security/cacerts keystore file.
Security enhancements for the previous release, Java 2 SDK, Standard Edition, v 1.4, included the following:
- The Java Cryptography Extension (JCE), Java Secure Socket Extension (JSSE), and Java Authentication and Authorization Service (JAAS) security features have now been integrated into the Java 2 SDK, v 1.4 rather than being optional packages.
- There are two new security features:
  - The Java GSS-API can be used for securely exchanging messages between communicating applications using the Kerberos V5 mechanism.
  - The Java Certification Path API includes new classes and methods in the java.security.cert package that allow you to build and validate certification paths (also known as "certificate chains").
- Due to import control restrictions, the JCE jurisdiction policy files shipped with the Java 2 SDK, v 1.4 allow "strong" but limited cryptography to be used. A version of these files indicating no restrictions on cryptographic strengths is available.
- The JSSE implementation provided in this release includes strong cipher suites. However, due to U.S. export control restrictions, this release does not allow alternate "pluggable" SSL/TLS implementations to be used. For more information, please see the JSSE Reference Guide.
- With the integration of JAAS into the J2SDK, the java.security.Policy API handles Principal-based queries, and the default policy implementation supports Principal-based grant entries. Thus, access control can now be based not just on what code is running, but also on who is running it.
- Support for dynamic policies has been added. In Java 2 SDK releases prior to version 1.4, classes were statically bound with permissions by querying security policy during class loading. The lifetime of this binding was scoped by the lifetime of the class loader. In version 1.4 this binding is now deferred until needed by a security check. The lifetime of the binding is now scoped by the lifetime of the security policy.
- The graphical Policy Tool utility has been enhanced to enable specifying a Principal field indicating what user is to be granted specified access control permissions.
Security Guides
General Security
- Security Architecture
- Cryptography Architecture
- How to Implement a Provider for the Java Cryptography Architecture
- Policy Permissions
- Default Policy Implementation and Policy File Syntax
- API for Privileged Blocks
- X.509 Certificates and Certificate Revocation Lists
Certification Path
JAAS
Java GSS-API
- See the Java GSS-API and JAAS Tutorials for Use with Kerberos.
- Single Sign-on Using Kerberos in Java
JCE
- JCE Reference Guide
- How to Implement a Provider for the Java Cryptography Extension
JSSE
Security API Specification (javadoc)
General Security
Certification Path
JAAS
Java GSS-API
- org.ietf.jgss Package
JCE
- javax.crypto Package
JSSE
- javax.net.ssl package
- javax.security.cert package
Security Tools
- Security Tools Summary
- keytool (for Solaris) (for Windows)
- jarsigner (for Solaris) (for Windows)
- policytool (for Solaris) (for Windows)
Security Tutorials
- The Java 2 Platform Security trail of the Java Tutorial
- JAAS Tutorials.
- Java GSS-API and JAAS Tutorials for Use with Kerberos.
For More Information
Located on the Java Software web site: