JRE Security

Byte Code Verifier

  • Checks that code is consistent with the spec: the class file format is valid and the byte code is legal
  • Detects inconsistencies in bounds checking/object casting

Security Manager

  • Only one per runtime
  • Uses security policy file for runtime permissions
  • Throws AccessControlException or SecurityException
  • Enabled with -Djava.security.manager

Security policy

  • Defines access privileges
  • Defines permissions, e.g. file/network access
  • Default policy is in $JAVA_HOME/jre/lib/security
  • Policy file is specified with -Djava.security.policy
  • May be a
    • text policy file
    • binary policy class
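
How the Security Manager and a text policy file work together, as an added example that is not part of the original page: the program writes a policy granting read access to a single file, installs the manager, and shows the second read failing with AccessControlException. The class name, file names and policy contents are constructed for illustration, and it assumes a Java 8-style runtime as the page's $JAVA_HOME/jre path suggests (the Security Manager is deprecated in Java 17 and later).

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.AccessControlException;

// Added example: all names and sample data below are constructed.
public class PolicyDemo {
    // Reads a file and reports whether the security manager permitted it.
    static String tryRead(Path p) {
        try {
            return "allowed: " + new String(Files.readAllBytes(p), StandardCharsets.UTF_8);
        } catch (AccessControlException e) {
            return "denied: " + e.getPermission();
        } catch (IOException e) {
            return "I/O error: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws IOException {
        // Create the sample files while no security manager is active yet.
        Path dir = Files.createTempDirectory("policy-demo");
        Path allowed = Files.write(dir.resolve("allowed.txt"), "public data".getBytes(StandardCharsets.UTF_8));
        Path secret = Files.write(dir.resolve("secret.txt"), "private data".getBytes(StandardCharsets.UTF_8));

        // Text policy file: one grant entry, read access to exactly one file.
        String policy = "grant {\n"
                + "  permission java.io.FilePermission \"" + allowed.toString().replace("\\", "\\\\") + "\", \"read\";\n"
                + "};\n";
        Path policyFile = Files.write(dir.resolve("demo.policy"), policy.getBytes(StandardCharsets.UTF_8));

        // Programmatic equivalent of -Djava.security.policy=<file> -Djava.security.manager.
        // The file is applied in addition to the default policy.
        System.setProperty("java.security.policy", policyFile.toString());
        System.setSecurityManager(new SecurityManager());

        System.out.println(tryRead(allowed)); // covered by the grant entry
        System.out.println(tryRead(secret));  // no matching permission in the policy
    }
}
```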

Keystore

  • Certificates are stored in a password protected database
  • Stores
    • public/private keys
    • certificates
  • Stored in file .keystore in the user's home directory
  • keytool - facilitates creating/managing/administering public/private keys and certificates for authentication/authorisation
  • X.509 certificates