Li Gong. Addison-Wesley 1999.
262 pages. Index. Bibliography. $34.95
The long awaited Java Security architecture description straight from the horse's mouth has been published. It is not the complete API specification and the JCE (Java Cryptography Extension) is not addressed (a companion book for JCE 1.2 is planned), but if you want to know how Java security is done and why it's done this way, this is the source. Like most good books about Java, there are Java code snippets on almost every page, so when methods are discussed, you get to see what they look like.
Java 2 is an improvement in design and implementation over Java 1.1, in part due to the efforts of people at Oxford, Princeton, UWashington and the JavaSoft team, all acknowledged by the author.
The book starts out with the requisite intro to computer and network security to set the stage for the remaining chapters. Brief though it is, it mentions crypto, threats, firewalls and access controls. It is too short to be considered a general introduction for the security novice, but it lays the groundwork for the Java security model. This model may be the most important contribution when all is said and done.
Another short chapter follows which introduces a few Java language security features such as bytecode verification, type safety and signed applets. It is this chapter that provides the brief history of bugs and fixes to Java security.
Chapter three is the reason you bought the book, the JDK 1.2 Security Architecture. A little bit of history with a few pages on the rationale for a new security architecture quickly give way to the sections on java.Security.GeneralSecurityException, Security Policy and CodeSource. A detailed look at the permission hierarchy gives the reader a worthwhile insight into the workings of Java security. It is a bit of eye-opener to see just how much effort can go into access to a single file when compared to, for example, general unix file permissions. Sections on loading classes securely, the Security Manager and the Access Controller round out this chapter. I particularly appreciated the "Lessons Learned" section at the end of the chapter. Security is an evolving area which benefits by constant review and improvements.
As important as the architecture presentation is, chapters 4 (Deploying the architecture) and chapter 5 (Customizing the architecture) are critical in the practical sense. Deploying means configuring policy and looking at the tools provided by Java such as the jarsigner for adding digital signatures to java packages.
Customizing means creating new permissions, enhancing security policy and migrating the JDK 1.1 security managers. Lots of examples and explanations are given.
Chapter 6 delves into objects so that those who need to write code can do so securely. Three new interfaces are introduced for signing, encrypting and guarding java objects. Guard objects are objects used to control access to other objects.
Chapter 7 provides a look at the Java Cryptographic Architecture (JCA). Besides standardizing APIs, the JCA attempts to enable users to use crypto without worrying about the underlying implementations. For example, you can write code that uses a digital signature choosing your favorite algorithm. If you need to change the algorithm, the change would be just the call making the code implementation independent. The architecture achieves this through a Cryptographic Service Provider (CSP) package. Code examples are given for such things as public&private keys generation, message digests, signatures and certificates.
The last chapter discusses future directions. Since it is quite clear that all of this is just the early phases of secure computing, there are many possibilities to investigate and develop. Java enhancements can come from the class loader design, authentication and authorization, as well as areas not yet thought about. The future for Java Security looks interesting and this book is a required place to start getting ready for it.