Java Security Architecture Notes

1. Two aspects

    a. Secure the Java platform itself, such as bytecode verification, class loading protection

    b. Provide services and tools for Java applications, such as cryptography, authentication.


2. Secure the Java platform

    2.1 Old Mechanism (Java 1): Sandbox

        Forget about it

    2.2 New Mechanism (Since Java 2)

        Think of it as the general security question: "Can a principal access a resource?"

        The concepts in Java security map onto this generic approach:

            a. Who is the principal? CodeBase: a set of Java code that tries to access the resources, "file:/home/sys/" for example

            b. What are the resources? Classes, file systems, and so on…

            c. How are the resources organized? Permission: a set of resources

            d. How is it decided whether code from a code base holds a given permission? Policy.

              For example:

                    grant codeBase "file:/home/sysadmin/" {
                        permission java.io.FilePermission "/tmp/abc", "read";
                    };


            e. Any exception to this mechanism? Yes: code in a privileged block can access the resources its own code base is granted even if its callers are not permitted
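
The decision described in items a to e, as an added example (not code from the original notes): a hand-written model of the stack-walk rule built only from the JDK's CodeSource, ProtectionDomain and FilePermission classes, without installing a SecurityManager. It shows that a caller with no grant blocks the read, that a privileged block stops the walk at the frame that opened it, and that the privileged code is still limited to its own grant. The class name, the helper methods and the "file:/home/guest/plugin/" code base are assumptions made for illustration.

```java
import java.io.FilePermission;
import java.net.URI;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.List;

public class AccessDecisionModel {

    // One code base plus the permissions a policy grants it (static grant, no Policy lookup).
    static ProtectionDomain domain(String codeBase, Permission... granted) throws Exception {
        Permissions perms = new Permissions();
        for (Permission p : granted) perms.add(p);
        CodeSource cs = new CodeSource(URI.create(codeBase).toURL(), (Certificate[]) null);
        return new ProtectionDomain(cs, perms);
    }

    // Model of the access decision: index 0 is the most recent frame. Every domain
    // from the top of the stack down to the privileged frame must imply the
    // permission; privilegedFrame = -1 means no privileged block, so the whole
    // stack is checked.
    static boolean allowed(List<ProtectionDomain> stack, int privilegedFrame, Permission wanted) {
        int last = privilegedFrame >= 0 ? privilegedFrame : stack.size() - 1;
        for (int i = 0; i <= last; i++) {
            if (!stack.get(i).implies(wanted)) return false;
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        Permission read = new FilePermission("/tmp/abc", "read");
        Permission write = new FilePermission("/tmp/abc", "write");

        // Same grant as the policy entry in the notes.
        ProtectionDomain sysadmin = domain("file:/home/sysadmin/", read);
        // Constructed code base with no grant at all (hypothetical caller).
        ProtectionDomain plugin = domain("file:/home/guest/plugin/");

        // The plugin calls into the sysadmin code, which then touches the file.
        List<ProtectionDomain> stack = List.of(sysadmin, plugin);

        System.out.println("plain call, read:       " + allowed(stack, -1, read));
        System.out.println("privileged block, read:  " + allowed(stack, 0, read));
        System.out.println("privileged block, write: " + allowed(stack, 0, write));
    }
}
```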



3. Policy Implementation

    3.1 Default implementation

        a. Global policy files: $java.home/lib/security/, and so on

        b. Runtime policy files, adding to or replacing the global configuration: java SomeApp       

    3.2 Other implementation           

        You can set it via ‘policy.provider=PolicyClassName’ in




