Java Security (2nd Edition) [Paperback]

Scott Oaks (Author)

Book Description

ISBN-10: 0596001576 | ISBN-13: 978-0596001575 | Publication Date: May 24, 2001 | Edition: Second Edition

One of Java's most striking claims is that it provides a secure programming environment. Yet despite endless discussion, few people understand precisely what Java's claims mean and how it backs up those claims. If you're a developer, network administrator or anyone else who must understand or work with Java's security mechanisms, Java Security is the in-depth exploration you need.

Java Security, 2nd Edition, focuses on the basic platform features of Java that provide security--the class loader, the bytecode verifier, and the security manager--and recent additions to Java that enhance this security model: digital signatures, security providers, and the access controller. The book covers the security model of Java 2, Version 1.3, which is significantly different from that of Java 1.1. It has extensive coverage of the two new important security APIs: JAAS (Java Authentication and Authorization Service) and JSSE (Java Secure Sockets Extension). Java Security, 2nd Edition, will give you a clear understanding of the architecture of Java's security model and how to use that model in both programming and administration.

The book is intended primarily for programmers who want to write secure Java applications. However, it is also an excellent resource for system and network administrators who are interested in Java security, particularly those who are interested in assessing the risk of using Java and need to understand how the security model works in order to assess whether or not Java meets their security needs.

Editorial Reviews

Amazon.com Review

Scott Oakes' Java Security is extraordinary both for its technical depth and its readability. It provides the Java programmer with a complete overview of the Java security architecture and security classes, plus a wealth of detailed information and code examples for specific implementations. The book opens with a clear discussion of what Java security is, how the various Java sandbox models work, and how Java applications and applets execute within the security model. The following chapters look in depth at the elements of the Java security architecture: language rules, class loaders, the security manager, the access controller, and permission objects. All these chapters provide detailed information on implementation, as well as an excellent explanation of the role of each feature within the entire security picture. The second half of the book covers cryptographic features in the Java security package (much enhanced in Java 1.2) and how Java programs work with code that performs authentication and encryption. Here, you'll find detailed chapters on message digests, keys and certificates, key management, digital signatures, and the Java Cryptography Extensions. Anyone who needs to understand Java security, but especially those who will implement security features in Java applications, will want to own this book. --This text refers to an out of print or unavailable edition of this title.

Review

'This is a great book about Java Security. If you are a Java programmer who want to write secure applications or a system administrator, you should read this book'. Evgeny Gesin, JavaDesk, Israel.

See all Editorial Reviews

Product Details

• Paperback: 622 pages
• Publisher: O'Reilly Media; Second Edition edition (May 24, 2001)
• Language: English
• ISBN-10: 0596001576
• ISBN-13: 978-0596001575
• Product Dimensions: 9.8 x 6.5 x 1.2 inches
• Shipping Weight: 2 pounds (View shipping rates and policies)
• Average Customer Review: 4.0 out of 5 stars  See all reviews (18 customer reviews)
• Amazon Best Sellers Rank: #390,600 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

20 of 21 people found the following review helpful:

5.0 out of 5 stars Java security from the ground up.....real good stuff, May 17, 2000

By 

JM (Sunnyvale , CA, USA) - See all my reviews

This review is from: Java Security (Java Series) (Paperback)

The best book on Java security in the market . Assumes that the reader has a fair understanding of Java programming. Provides clear differences between Java 1.1 and Java 2 models . Exhaustive coverage of basic java principles like built in language security features and byte code verification. Good examples on class loaders . Covers various security managers ex AppletSecurity Manager , RMI Security manager . Provides solid foundation for features like code signing , digital signatures , encryption etc. In a nutshell , book for security enthsiasts.

10 of 10 people found the following review helpful:

3.0 out of 5 stars Good if you want to become an expert, not good for how-to., February 25, 1999

By A Customer

This review is from: Java Security (Java Series) (Paperback)

If you wish to become an in-depth expert in Java security, this book is for you. But if you just want to find out how to add specific aspects of Java security to your applications, this book is the long way around the block. It would be better to have some how-to examples early in each chapter, followed by the background and theory of each concept. Instead, you have to figure out "how-to" based on the discussion.

12 of 13 people found the following review helpful:

5.0 out of 5 stars Recommend this book for any serious Java Developer, September 14, 2000

By 

Anthony M. Paper - See all my reviews

This review is from: Java Security (Java Series) (Paperback)

This book was my first introduction to Java Security. After reading the book, I was able to gain exposure to many complex areas of the Java Security/JCA/JCE APIs to include Class loaders, Byte Code Verifiers, Policy Files, Security Manager, Access Controller, Permissions, Message Digests, Data Encryption, Key Agreements, Digital Signatures, and Digital Certificates. My only negative comment was that the author did not provide any examples using the Secure Sockets Library (SSL). I am currently working on implementing security related issues associated with B2B data exchange and felt that this book was extremely helpful. I would highly recommend this book for any serious Java Developer.