Java Reference
In-Depth Information
25.7. java.security and Related Packages: Security Tools
The security architecture that was introduced in Chapter 23 is quite extensive and incorporates a range of mechanisms for encryption, authorization, authentication, and so forth. These mechanisms are spread across a number of packages.
The package java.security contains several useful tools for security-related functions: digital signatures, message digests, key management, and cryptographic keys. Subpackages define abstractions for certificates (java.security.cert), RSA and DSA keys (java.security.interfaces), and key and algorithm parameter specifications (java.security.spec).
The javax.security subpackages complement these tools with a full authentication and authorization framework (javax.security.auth and its subpackages), including support for the Simple Authentication and Security Layer (SASL) as defined by RFC 2222 (the javax.security.sasl package). The authorization component allows specification of access controls based on code location, code signers, and code executors (subjects), using common protocols such as Kerberos and X.500.
The javax.crypto package and subpackages (interfaces and spec) provide rich mechanisms for cryptography, including encryption with various kinds of ciphers, MAC generation, and key creation and agreement.
The org.ietf.jgss package provides a framework that helps you use security services such as authentication, data integrity, and data confidentiality from a variety of underlying security mechanisms. The security mechanisms an application can choose are identified with unique object identifiers. For example, the Kerberos v5 GSS-API mechanism has the object identifier 1.2.840.113554.1.2.2. This mechanism is available through the default instance of the GSSManager class.
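
The following is an added example, not code from the book. It exercises the tools named above: a message digest and a digital signature from java.security, a MAC from javax.crypto, and a lookup of the Kerberos v5 object identifier through the default GSSManager. The class name, the sample message, and the algorithm choices (SHA-256, SHA256withRSA, HmacSHA256, 2048-bit RSA) are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;

public class SecurityPackagesTour {              // hypothetical class name
    public static void main(String[] args) throws Exception {
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = msg.clone();
        tampered[0] ^= 1;                        // flip one bit to model tampering

        // java.security: message digest (report which provider supplied it)
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        System.out.println("digest bytes: " + md.digest(msg).length
                + " from provider " + md.getProvider().getName());

        // java.security: key pair generation and digital signature
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();
        System.out.println("signature on original: " + verify(kp.getPublic(), msg, sig));
        System.out.println("signature on tampered: " + verify(kp.getPublic(), tampered, sig));

        // javax.crypto: MAC generation with a freshly created secret key
        SecretKey key = KeyGenerator.getInstance("HmacSHA256").generateKey();
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        byte[] tag = mac.doFinal(msg);           // doFinal resets the Mac for reuse
        // MessageDigest.isEqual compares in constant time, which suits tag checks
        System.out.println("MAC on tampered matches: "
                + MessageDigest.isEqual(tag, mac.doFinal(tampered)));

        // org.ietf.jgss: is the Kerberos v5 mechanism offered by the default manager?
        Oid krb5 = new Oid("1.2.840.113554.1.2.2");
        Oid[] mechs = GSSManager.getInstance().getMechs();
        System.out.println("Kerberos v5 available: " + Arrays.asList(mechs).contains(krb5));
    }

    static boolean verify(PublicKey pub, byte[] data, byte[] sig) throws Exception {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(pub);
        v.update(data);
        return v.verify(sig);
    }
}
```
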
Because there are many ways to approach things like cryptography and authentication, and there will be many more in the future, the security architecture provides abstractions of security interactions. Implementations of the abstractions are supplied by providers. Each platform has one