P5EE - J2EE Security
The Java security APIs (JAAS, JSSE, JCE) have been incorporated into
J2SE 1.4. They are in the "java.security", "javax.security",
and "javax.crypto" packages.
Security
- Authentication -
The means by which communicating entities prove to one another
that they are acting on behalf of specific identities
(e.g., client to server and/or server to client).
- Authorization (Access Control) -
The means by which interactions with resources are limited to
collections of users or programs for the purpose of enforcing
integrity, confidentiality, or availability constraints.
- Data Integrity (MAC - message authentication check) -
The means used to prove that information could not have been
modified by a third party (some entity other than the source
of the information). For example, a recipient of data sent
over an open network must be able to detect and discard
messages that were modified after they were sent.
- Confidentiality (Data Privacy) -
The means used to ensure that information is only made available
to users who are authorized to access it.
- Non-repudiation -
The means used to prove that a user performed some action such
that the user cannot reasonably deny having done so.
- Auditing -
The means used to capture a tamper-resistant record of security
related events for the purpose of being able to evaluate the
effectiveness of security policies and mechanisms.
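
The Data Integrity item above, worked through with the "javax.crypto" package as an added example (not code from the P5EE project): a recipient recomputes a MAC and discards a message that was modified after it was sent. The class name, the sample messages and the choice of HmacSHA256 on a current JDK are assumptions made for this illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

public class MacIntegrityDemo {
    private static final String ALG = "HmacSHA256"; // assumed algorithm choice

    // Sender side: compute the tag over the message with the shared key.
    static byte[] tag(byte[] key, byte[] message) throws GeneralSecurityException {
        Mac mac = Mac.getInstance(ALG);
        mac.init(new SecretKeySpec(key, ALG));
        return mac.doFinal(message);
    }

    // Recipient side: recompute the tag and compare it to the received one.
    // MessageDigest.isEqual avoids leaking the mismatch position through timing.
    static boolean verify(byte[] key, byte[] message, byte[] receivedTag)
            throws GeneralSecurityException {
        return MessageDigest.isEqual(tag(key, message), receivedTag);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample data: a random shared key and two messages.
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key);
        byte[] sent = "transfer 100 to account 42".getBytes(StandardCharsets.UTF_8);
        byte[] modified = "transfer 900 to account 42".getBytes(StandardCharsets.UTF_8);
        byte[] sentTag = tag(key, sent);

        // The untouched message verifies; the recipient keeps it.
        System.out.println("unmodified accepted: " + verify(key, sent, sentTag));
        // A message changed in transit no longer matches the tag; discard it.
        System.out.println("modified accepted:   " + verify(key, modified, sentTag));
        // A truncated tag must also fail rather than match on a prefix.
        byte[] shortTag = Arrays.copyOf(sentTag, 16);
        System.out.println("truncated accepted:  " + verify(key, sent, shortTag));
    }
}
```

Because sender and recipient hold the same key, either one could have produced a valid tag, so a MAC gives data integrity but not the non-repudiation property listed above.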