Our discussion of Java Security begins with an understanding of public key encryption. We'll learn about public and private keys, how a digital signature provides authentication, we'll learn about key distribution and the need for certificate and certificate authorities.

After an understanding of this theory, we'll delve into Java's security mechanisms. Specifically, we'll discuss the class loader, the security manager, and the "sandbox". We'll also examine the Permissions API, and the Java Cryptography Extension.

We'll focus on trusted versus untrusted applets and how to create a digital signature for an Applet. We'll also discuss digital signatures in terms of JAR files.

We will end our discussion of security with an understanding of how someone can de-compile your applets, and what you should do to protect them.

Objectives

• Understand the fundamentals of Public Key Encryption, Digital Signatures and Certificates
• Understand the evolution of the Java security model
• Digitally sign your Applet's jar file
• Created Trusted Applets that can access resources outside the sandbox
• Interact with or replace the Java Security Manager and the Classloader in your applications
• Apply Java 2 Policy Based Security
• The JDK Security Utilities (keytool, jarsigner, and policytool)
• Use the classes and interfaces in Java's Security Package
• Understand the security issues surrounding de-compiling and code obfuscation

Specifications

• Duration (total): 2 hours
• Duration of Exercises: 1 hour
• Duration of Lecture: 1 hour

Pre-requisites

If you are building a custom course, you will need to cover these topics before this topic can be presented:

• How jar works in regards to applets. (For complete coverage of Jar files, please call us, as this is a topic which we can add. It is fully explained in a separate section of our JavaBeans topic.)

• Basic Java knowledge including exception handling, threads, applets, full use of all the language constructs, and familiarity with the core Java 1.1 APIs.
• Those without these pre-requisites should consider one of our Ultimate Java Programming Workshops.

A detailed "table of contents" corresponding to the coverage of this topic is available upon request.

Copyright ©2007 by Petronio Technology Group, Inc. All rights reserved. Petronio, "Targeted Technology Training", "T3" and "Turning new technologies into your competitive advantage" are trademarks of Petronio Technology Group. All other trademarks are the properties of their respective companies.