The everything-you-need-to-know book about Java Security. The book provides a solid foundation of the classes that comprise the Java Security model. The book starts out with an overview of the Java 2 security model and quickly moves into details of the "Java Sandbox". The author explains the fine points of permissions and policy files as related to the java.security file. That's it for the basics; this book is definitely for the advanced Java programmer.
The book goes into detail describing class loaders and byte code verifiers, explaining how they are implemented within the JVM. There is a brief introduction to cryptography; this is a topic that warrants its own book. There is extensive coverage of keys, certificates and key management, including examples of how to construct key pairs - both public/private and secret keys. Additionally, there are examples of how to generate message digests and use them to create and verify digital signatures. The book also covers creating and verifying signed classes using the jarsigner tool.
Advanced topics cover the use of Cipher engines for encryption using JCE. There is in-depth coverage on SSL/HTTPS, but this is the only place that I found the examples lacking. And to round out the security features, there is a chapter on JAAS that gets into both the administrative and programmatic sides.
Overall, this is an excellent book on security and a welcome addition to the serious Java developer's bookshelf.
(Annmarie Ziegler - greenhorn, August 2001)