当前页面: 在线文档首页 > JDK 5 Documentation v1.4.1, Java 2 SDK 英文文档

Security - JDK 5 Documentation v1.4.1, Java 2 SDK 英文文档

Security

Documentation Contents

Security enhancements for the Java^TM 2 SDK, Standard Edition, v 1.4.1 include the following:

• Three new security tools were added in the 1.4.1 release of the Java 2 platform: kinit, klist, and ktab. These tools help users obtain, list and manage Kerberos tickets. See the Security Tools section of the Java^TM 2 SDK Tools and Utilities documentation for more information.

• The Sun SecureRandom implementation now also makes use of an operating system-provided entropy source on Windows platforms, which can improve the startup time of cryptographic applications considerably. Edit the <java.home>/lib/security/java.security to control this feature.
• New root CA certificates with aliases baltimorecodesigningca, gtecybertrustglobalca, baltimorecybertrustca, gtecybertrustca, and gtecybertrust5ca have been added to the <java.home>/lib/security/cacerts keystore file. See The cacerts Certificates File.

Security enhancements for the previous release, Java^TM 2 SDK, Standard Edition, v 1.4 included the following:

• The Java^TM Cryptography Extension (JCE), Java^TM Secure Socket Extension (JSSE), and Java^TM Authentication and Authorization Service (JAAS) security features have now been integrated into the Java 2 SDK, v 1.4 rather than being optional packages.

• There are two new security features:
  • The Java^TM GSS-API can be used for securely exchanging messages between communicating applications using the Kerberos V5 mechanism.
  • The Java^TM Certification Path API includes new classes and methods in the java.security.cert package that allow you to build and validate certification paths (also known as "certificate chains").

• Due to import control restrictions, the JCE jurisdiction policy files shipped with the Java 2 SDK, v 1.4 allow "strong" but limited cryptography to be used. A version of these files indicating no restrictions on cryptographic strengths is available.

• The JSSE implementation provided in this release includes strong cipher suites. However, due to U.S. export control restrictions, this release does not allow alternate "pluggable" SSL/TLS implementations to be used. For more information, please see the JSSE Reference Guide.

• With the integration of JAAS into the J2SDK, the java.security.Policy API handles Principal-based queries, and the default policy implementation supports Principal-based grant entries. Thus, access control can now be based not just on what code is running, but also on who is running it.

• Support for dynamic policies has been added. In Java 2 SDK releases prior to version 1.4, classes were statically bound with permissions by querying security policy during class loading. The lifetime of this binding was scoped by the lifetime of the class loader. In version 1.4 this binding is now deferred until needed by a security check. The lifetime of the binding is now scoped by the lifetime of the security policy.

• The graphical Policy Tool utility has been enhanced to enable specifying a Principal field indicating what user is to be granted specified access control permissions.

Security Guides

General Security

• Security Architecture
• Cryptography Architecture
• How to Implement a Provider for the Java Cryptography Architecture
• Policy Permissions
• Default Policy Implementation and Policy File Syntax
• API for Privileged Blocks
• X.509 Certificates and Certificate Revocation Lists
• Security Managers and the Java^TM 2 SDK

Certification Path

• Java Certification Path API Programmer's Guide

JAAS

• JAAS Reference Guide
• See the JAAS Tutorials.
• JAAS white paper
• JAAS LoginModule Developer's Guide

Java GSS-API

• See the Java GSS-API and JAAS Tutorials for Use with Kerberos.
• Single Sign-on Using Kerberos in Java

JCE

• JCE Reference Guide
• How to Implement a Provider for the Java Cryptography Extension

JSSE

• JSSE Reference Guide

Security API Specification
(javadoc)

General Security

• java.security Package
• java.security.cert Package
• java.security.interfaces Package
• java.security.spec Package

Certification Path

• java.security.cert Package

JAAS

• javax.security.auth Package
• javax.security.auth.callback Package
• javax.security.auth.kerberos Package
• javax.security.auth.login Package
• javax.security.auth.spi Package
• javax.security.auth.x500 Package
• com.sun.security.auth Package
• com.sun.security.auth.callback Package
• com.sun.security.auth.login Package
• com.sun.security.auth.module Package

Java GSS-API

• org.ietf.jgss Package
• com.sun.security.jgss Package

JCE

• javax.crypto Package
• javax.crypto.interfaces Package
• javax.crypto.spec Package

JSSE

• javax.net package
• javax.net.ssl package
• javax.security.cert package

Security Tools

• Security Tools Summary
• keytool (for Solaris) (for Windows)
• jarsigner (for Solaris) (for Windows)
• policytool (for Solaris) (for Windows)

Security Tutorials

• The Java^TM 2 Platform Security trail of the Java Tutorial
• JAAS Tutorials.
• Java GSS-API and JAAS Tutorials for Use with Kerberos.

For More Information

Located on the Java Software web site:

• The Security Home Page

---

Copyright © 1995-2002 Sun Microsystems, Inc. All Rights Reserved. Please send comments to: java-security@sun.com. This is not a subscription list.

Java Software