Inside Java™ 2 Platform Security: Architecture, API Design, and Implementation, Second Edition

By Li Gong, Gary Ellison, Mary Dageforde
Publisher: Addison Wesley
Pub Date: June 06, 2003
ISBN: 0-201-78791-1

Copyright

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and Addison-Wesley was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals.

The authors and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.

The publisher offers discounts on this book when ordered in quantity for bulk purchases and special sales. For more information, please contact:

U.S. Corporate and Government Sales
(800) 382-3419
[email protected]

For sales outside of the U.S., please contact:

International Sales
(317) 581-3793
[email protected]

Visit Addison-Wesley on the Web: www.awprofessional.com

Library of Congress Cataloging-in-Publication Data is available.

Copyright © 2003 by Sun Microsystems, Inc.
150 Network Circle, Santa Clara, California 95054, U.S.A.
All rights reserved.

Duke™ designed by Joe Palrang

Sun, Sun Microsystems, Sun Microsystems Computer Corporation, the Sun logo, the Sun Microsystems Computer Corporation logo, Java, JavaSoft, Java Software, JavaScript, Java Authentication and Authorization Service, JAAS, Java Cryptography Extension, JCE, Java GSS-API, Java Secure Socket Extension, JSSE, Java IDL, Java Plug-in, Java Remote Method Invocation, Java RMI, Java Web Start, EmbeddedJava, PersonalJava, JVM, JavaOS, J2EE, J2ME, J2SE, JDK, and J2SDK are trademarks or registered trademarks of Sun Microsystems, Inc. UNIX® is a registered trademark in the United States and other countries, exclusively licensed through X/Open Company, Ltd. All other product names mentioned herein are the trademarks of their respective owners.

Sun Microsystems, Inc. has intellectual property rights relating to technology described in this publication. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.sun.com/patents and one or more additional patents or pending patent applications in the U.S. and other countries.

THIS PUBLICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.

THIS PUBLICATION COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THE PUBLICATION. SUN MICROSYSTEMS, INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS PUBLICATION AT ANY TIME.

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form, or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior consent of the publisher. Printed in the United States of America. Published simultaneously in Canada.

For information on obtaining permission for use of material from this work, please submit a written request to:

Pearson Education, Inc.
Rights and Contracts Department
75 Arlington Street, Suite 300
Boston, MA 02116
Fax: (617) 848-7047

Text printed on recycled paper

1 2 3 4 5 6 7 8 9 10—CRS—0706050403

First printing, May 2003

Dedication

To Roger Needham, 1935–2003
My supervisor, mentor, colleague, and friend
—Li Gong

To SAM
—Gary Ellison

To my husband, Tom Wills
—Mary Dageforde

The Java™ Series

Lisa Friendly, Series Editor
Tim Lindholm, Technical Editor
Ken Arnold, Technical Editor of The Jini™ Technology Series
Jim Inscore, Technical Editor of The Java™ Series, Enterprise Edition
http://www.javaseries.com

Eric Armstrong, Stephanie Bodoff, Debbie Carson, Maydene Fisher, Dale Green, Kim Haase. The Java™ Web Services Tutorial
Ken Arnold, James Gosling, David Holmes. The Java™ Programming Language, Third Edition
Joshua Bloch. Effective Java™ Programming Language Guide
Mary Campione, Kathy Walrath, Alison Huml. The Java™ Tutorial, Third Edition: A Short Course on the Basics
Mary Campione, Kathy Walrath, Alison Huml, Tutorial Team. The Java™ Tutorial Continued: The Rest of the JDK™
Patrick Chan. The Java™ Developers Almanac 1.4, Volume 1
Patrick Chan. The Java™ Developers Almanac 1.4, Volume 2
Patrick Chan, Rosanna Lee. The Java™ Class Libraries, Second Edition, Volume 2: java.applet, java.awt, java.beans
Patrick Chan, Rosanna Lee, Doug Kramer. The Java™ Class Libraries, Second Edition, Volume 1: java.io, java.lang, java.math, java.net, java.text, java.util
Patrick Chan, Rosanna Lee, Doug Kramer. The Java™ Class Libraries, Second Edition, Volume 1: Supplement for the Java™ 2 Platform, Standard Edition, v1.2
Kirk Chen, Li Gong. Programming Open Service Gateways with Java™ Embedded Server
Zhiqun Chen. Java Card™ Technology for Smart Cards: Architecture and Programmer's Guide
Maydene Fisher, Jon Ellis, Jonathan Bruce. JDBC™ API Tutorial and Reference, Third Edition
Li Gong, Gary Ellison, Mary Dageforde. Inside Java™ 2 Platform Security, Second Edition: Architecture, API Design, and Implementation
James Gosling, Bill Joy, Guy Steele, Gilad Bracha. The Java™ Language Specification, Second Edition
Doug Lea. Concurrent Programming in Java™, Second Edition: Design Principles and Patterns
Rosanna Lee, Scott Seligman. JNDI API Tutorial and Reference: Building Directory-Enabled Java™ Applications
Sheng Liang. The Java™ Native Interface: Programmer's Guide and Specification
Tim Lindholm, Frank Yellin. The Java™ Virtual Machine Specification, Second Edition
Roger Riggs, Antero Taivalsaari, Mark VandenBrink. Programming Wireless Devices with the Java™ 2 Platform, Micro Edition
Henry Sowizral, Kevin Rushforth, Michael Deering. The Java 3D™ API Specification, Second Edition
Sun Microsystems, Inc. Java™ Look and Feel Design Guidelines: Advanced Topics
Kathy Walrath, Mary Campione. The JFC Swing Tutorial: A Guide to Constructing GUIs
Seth White, Maydene Fisher, Rick Cattell, Graham Hamilton, Mark Hapner. JDBC™ API Tutorial and Reference, Second Edition: Universal Data Access for the Java™ 2 Platform
Steve Wilson, Jeff Kesselman. Java™ Platform Performance: Strategies and Tactics

The Jini™ Technology Series

Eric Freeman, Susanne Hupfer, Ken Arnold. JavaSpaces™ Principles, Patterns, and Practice

The Java™ Series, Enterprise Edition

Stephanie Bodoff, Dale Green, Kim Haase, Eric Jendrock, Monica Pawlan, Beth Stearns. The J2EE™ Tutorial
Rick Cattell, Jim Inscore, Enterprise Partners. J2EE™ Technology in Practice: Building Business Applications with the Java™ 2 Platform, Enterprise Edition
Mark Hapner, Rich Burridge, Rahul Sharma, Joseph Fialli, Kim Haase. Java™ Message Service API Tutorial and Reference: Messaging for the J2EE™ Platform
Inderjeet Singh, Beth Stearns, Mark Johnson, Enterprise Team. Designing Enterprise Applications with the Java™ 2 Platform, Enterprise Edition
Vlada Matena, Sanjeev Krishnan, Beth Stearns. Applying Enterprise JavaBeans™ 2.1, Second Edition: Component-Based Development for the J2EE™ Platform
Bill Shannon, Mark Hapner, Vlada Matena, James Davidson, Eduardo Pelegri-Llopart, Larry Cable, Enterprise Team. Java™ 2 Platform, Enterprise Edition: Platform and Component Specifications
Rahul Sharma, Beth Stearns, Tony Ng. J2EE™ Connector Architecture and Enterprise Application Integration

Preface

Inventing is a combination of brains and materials. The more brains you use, the less material you need.
—Charles Kettering

The phrases "computer security," "network security," and "information security" conjure up various notions and precepts to a given audience. Some people tend to envision technical measures, such as cryptography, as the sole means by which security is attained. Other people recognize the limitations of various technical measures and treat them as tools that, when used in combination with other technical measures, can accomplish the task at hand. The distinction is subtle but important. The phrase "platform security" reflects a holistic view of security, suggesting that the foundation is secure and can be relied on as is or used as a secure subsystem to leverage when building larger systems. Building a secure platform is a very difficult and exacting task that historically has been accomplished only when security is a design requirement that is taken into consideration at the onset. The idea that security can be "bolted on" has proved frail and wrought with failure modes, which has led to a multitude of security breaches.

Java technology is possibly the only general-purpose secure computing platform to become commercially successful. This would never have happened had the designers not taken security seriously from the start. The security properties of Java technology are many, and the Java platform builds on itself to create a reliable and secure platform. The Java 2 security model would be impossible to make trustworthy if it were not for the safety net provided by the Java language itself.
The Java language specifies the semantics to ensure type safety and referential integrity and yet would fail miserably if it were not for the enforcement and assurances the Java virtual machine provides. Thus, from these various secure subsystems, we have created a greater whole. The target audience of this book is varied. We believe this book will be a useful resource to those seeking a general understanding of the security foundation