Table of Contents

Inside Java™ 2 Platform Security: Architecture, API Design, and Implementation, Second Edition
By Li Gong, Gary Ellison, Mary Dageforde

Publisher: Addison Wesley
Pub Date: June 06, 2003
ISBN: 0-201-78791-1
Pages: 384
Slots: 1



Inside Java(TM) 2 Platform Security, the definitive and comprehensive guide to the Java security platform, has been thoroughly updated to reflect key additions and revisions to Java security technologies currently in use by leading technology companies. This second edition, penned by the Java experts at Sun Microsystems, provides a detailed look into the central workings of the Java security architecture and describes tools and techniques for successful implementation on even the most demanding network computing environment.

While Java has always provided a stronger security model than other platforms, this book reviews all the methods and practices required to improve security without sacrificing functionality. With tips on how to customize, extend, and refine the Java security architecture, users will have everything they need to protect their information assets from both external and internal threats.

This book's in-depth coverage encompasses security architecture, deployment, customization, new developments, and much more.

Security fundamentals
Secure class loading
Specifying fine-grained security policy
Enforcing security policy with AccessController, SecurityManager, and more
Digital certificates, certification paths, signed code, JAAS, and other authentication measures
Java-based cryptography with code examples
JSSE, Java GSS-API, and RMI for network security
Previews of other platforms for security, including Java Card, J2ME and Jini

Designed for both the system administrator and software practitioner, this book delivers vital knowledge for building and maintaining a secure system using the Java 2 platform. With detailed code and usage examples throughout, Inside Java(TM) 2 Platform Security, Second Edition, is an indispensable resource for all platform security needs.

The Java(TM) Series is supported, endorsed, and authored by the creators of the Java technology at Sun Microsystems, Inc. It is the official place to go for complete, expert, and definitive information on Java technology. The books in this Series provide the inside information you need to build effective, robust, and portable applications and applets. The Series is an indispensable resource for anyone targeting the Java(TM) 2 platform.







Table of Contents





Copyright
The Java™ Series
Preface
    How This Book Is Organized
    Acknowledgments
About the Authors
Preface to the First Edition
Acknowledgments for the First Edition

Chapter 1. Computer and Network Security Fundamentals
    Section 1.1. Cryptography versus Computer Security
    Section 1.2. Threats and Protection
    Section 1.3. Perimeter Defense
    Section 1.4. Access Control and Security Models
    Section 1.5. Using Cryptography
    Section 1.6. Authentication
    Section 1.7. Mobile Code
    Section 1.8. Where Java Technology-Based Security Fits In

Chapter 2. Basic Security for the Java Programming Language
    Section 2.1. The Java Programming Language and Platform
    Section 2.2. Original Basic Security Architecture
    Section 2.3. Bytecode Verification and Type Safety
    Section 2.4. Signed Applets
    Section 2.5. Further Enhancements

Chapter 3. Java 2 Security Architecture
    Section 3.1. Security Architecture Requirements of Java 2
    Section 3.2. Overview of the Java 2 Security Architecture
    Section 3.3. Architecture Summary
    Section 3.4. Lessons Learned

Chapter 4. Secure Class Loading
    Section 4.1. Class Files, Types, and Defining Class Loaders
    Section 4.2. Well-Known Class Loader Instances
    Section 4.3. Class Loader Hierarchies
    Section 4.4. Loading Classes
    Section 4.5. SecureClassLoader Details
    Section 4.6. URLClassLoader Details
    Section 4.7. Class Paths

Chapter 5. Elements of Security Policy
    Section 5.1. Permissions
    Section 5.2. Describing Code
    Section 5.3. ProtectionDomain
    Section 5.4. Security Policy
    Section 5.5. Assigning Permissions
    Section 5.6. Dynamic Security Policy

Chapter 6. Enforcing Security Policy
    Section 6.1. SecurityManager
    Section 6.2. AccessControlContext
    Section 6.3. DomainCombiner
    Section 6.4. AccessController

Chapter 7. Customizing the Security Architecture
    Section 7.1. Creating New Permission Types
    Section 7.2. Customizing Security Policy
    Section 7.3. Customizing the Access Control Context

Chapter 8. Establishing Trust
    Section 8.1. Digital Certificates
    Section 8.2. Establishing Trust with Certification Paths
    Section 8.3. Establishing Trust in Signed Code
    Section 8.4. User-Centric Authentication and Authorization Using JAAS
    Section 8.5. Distributed End-Entity Authentication

Chapter 9. Object Security
    Section 9.1. Security Exceptions
    Section 9.2. Fields and Methods
    Section 9.3. Static Fields
    Section 9.4. Private Object State and Object Immutability
    Section 9.5. Privileged Code
    Section 9.6. Serialization
    Section 9.7. Inner Classes
    Section 9.8. Native Methods
    Section 9.9. Signing Objects
    Section 9.10. Sealing Objects
    Section 9.11. Guarding Objects

Chapter 10. Programming Cryptography
    Section 10.1. Cryptographic Concepts
    Section 10.2. Design Principles
    Section 10.3. Cryptographic Services and Service Providers
    Section 10.4. Core Cryptography Classes
    Section 10.5. Additional Cryptography Classes
    Section 10.6. Code Examples
    Section 10.7. Standard Names
    Section 10.8. Algorithm Specifications

Chapter 11. Network Security
    Section 11.1. Java GSS-API
    Section 11.2. JSSE
    Section 11.3. Remote Method Invocation

Chapter 12. Deploying the Security Architecture
    Section 12.1. Installing the Latest Java 2 Platform Software
    Section 12.2. The Installation Directory <java.home>
    Section 12.3. Setting System and Security Properties
    Section 12.4. Securing the Deployment
    Section 12.5. Installing Provider Packages
    Section 12.6. Policy Configuration
    Section 12.7. JAAS Login Configuration Files
    Section 12.8. Security Tools
    Section 12.9. X.500 Distinguished Names
    Section 12.10. Managing Security Policies for Nonexperts

Chapter 13. Other Platforms and Future Directions
    Section 13.1. Introduction to Java Card
    Section 13.2. Introduction to Java 2 Micro Edition
    Section 13.3. Security Enhancements on the Horizon for J2SE
    Section 13.4. Brief Introduction to Jini Network Technology
    Section 13.5. Brief Introduction to J2EE
    Section 13.6. Client Containers
    Section 13.7. Final Remarks

Bibliography


Copyright
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and Addison-Wesley was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals.

The authors and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.

The publisher offers discounts on this book when ordered in quantity for bulk purchases and special sales. For more information, please contact:
U.S. Corporate and Government Sales
(800) 382-3419

For sales outside of the U.S., please contact:
International Sales
(317) 581-3793

Visit Addison-Wesley on the Web: www.awprofessional.com

Library of Congress Cataloging-in-Publication Data is available.
Copyright © 2003 by Sun Microsystems, Inc.
150 Network Circle, Santa Clara, California 95054, U.S.A.

All rights reserved.
Duke™ designed by Joe Palrang
Sun, Sun Microsystems, Sun Microsystems Computer Corporation, the Sun logo, the Sun Microsystems Computer Corporation logo, Java, JavaSoft, Java Software, JavaScript, Java Authentication and Authorization Service, JAAS, Java Cryptography Extension, JCE, Java GSS-API, Java Secure Socket Extension, JSSE, Java IDL, Java Plug-in, Java Remote Method Invocation, Java RMI, Java Web Start, EmbeddedJava, PersonalJava, JVM, JavaOS, J2EE, J2ME, J2SE, JDK, and J2SDK are trademarks or registered trademarks of Sun Microsystems, Inc. UNIX® is a registered trademark in the United States and other countries, exclusively licensed through X/Open Company, Ltd. All other product names mentioned herein are the trademarks of their respective owners.

Sun Microsystems, Inc. has intellectual property rights relating to technology described in this publication. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at
and one or more additional patents or pending patent applications in the U.S. and other countries.

THIS PUBLICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.

THIS PUBLICATION COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THE PUBLICATION. SUN MICROSYSTEMS, INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS PUBLICATION AT ANY TIME.

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form, or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior consent of the publisher. Printed in the United States of America. Published simultaneously in Canada.

For information on obtaining permission for use of material from this work, please submit a written request to:
Pearson Education, Inc.
Rights and Contracts Department
75 Arlington Street, Suite 300
Boston, MA 02116
Fax: (617) 848-7047

Text printed on recycled paper
1 2 3 4 5 6 7 8 9 10 CRS 07 06 05 04 03
First printing, May 2003

Dedication

To Roger Needham, 1935-2003
My supervisor, mentor, colleague, and friend
Li Gong

To SAM
Gary Ellison

To my husband, Tom Wills
Mary Dageforde


The Java™ Series
Lisa Friendly, Series Editor
Tim Lindholm, Technical Editor
Ken Arnold, Technical Editor of The Jini™ Technology Series
Jim Inscore, Technical Editor of The Java™ Series, Enterprise Edition

Eric Armstrong, Stephanie Bodoff, Debbie Carson, Maydene Fisher, Dale Green, Kim Haase
The Java™ Web Services Tutorial
Ken Arnold, James Gosling, David Holmes
The Java™ Programming Language, Third Edition
Joshua Bloch
Effective Java™ Programming Language Guide
Mary Campione, Kathy Walrath, Alison Huml
The Java™ Tutorial, Third Edition: A Short Course on the Basics
Mary Campione, Kathy Walrath, Alison Huml, Tutorial Team
The Java™ Tutorial Continued: The Rest of the JDK™
Patrick Chan
The Java™ Developers Almanac 1.4, Volume 1
Patrick Chan
The Java™ Developers Almanac 1.4, Volume 2
Patrick Chan, Rosanna Lee
The Java™ Class Libraries, Second Edition, Volume 2: java.applet, java.awt, java.beans
Patrick Chan, Rosanna Lee, Doug Kramer
The Java™ Class Libraries, Second Edition, Volume 1: java.io, java.lang, java.math, java.net, java.text, java.util
Patrick Chan, Rosanna Lee, Doug Kramer
The Java™ Class Libraries, Second Edition, Volume 1: Supplement for the Java™ 2 Platform, Standard Edition, v1.2
Kirk Chen, Li Gong
Programming Open Service Gateways with Java™ Embedded Server
Zhiqun Chen
Java Card™ Technology for Smart Cards: Architecture and Programmer's Guide
Maydene Fisher, Jon Ellis, Jonathan Bruce
JDBC™ API Tutorial and Reference, Third Edition
Li Gong, Gary Ellison, Mary Dageforde
Inside Java™ 2 Platform Security, Second Edition: Architecture, API Design, and Implementation
James Gosling, Bill Joy, Guy Steele, Gilad Bracha
The Java™ Language Specification, Second Edition
Doug Lea
Concurrent Programming in Java™, Second Edition: Design Principles and Patterns
Rosanna Lee, Scott Seligman
JNDI API Tutorial and Reference: Building Directory-Enabled Java™ Applications
Sheng Liang
The Java™ Native Interface: Programmer's Guide and Specification
Tim Lindholm, Frank Yellin
The Java™ Virtual Machine Specification, Second Edition
Roger Riggs, Antero Taivalsaari, Mark VandenBrink
Programming Wireless Devices with the Java™ 2 Platform, Micro Edition
Henry Sowizral, Kevin Rushforth, Michael Deering
The Java 3D™ API Specification, Second Edition
Sun Microsystems, Inc.
Java™ Look and Feel Design Guidelines: Advanced Topics
Kathy Walrath, Mary Campione
The JFC Swing Tutorial: A Guide to Constructing GUIs
Seth White, Maydene Fisher, Rick Cattell, Graham Hamilton, Mark Hapner
JDBC™ API Tutorial and Reference, Second Edition: Universal Data Access for the Java™ 2 Platform
Steve Wilson, Jeff Kesselman
Java™ Platform Performance: Strategies and Tactics

The Jini™ Technology Series
Eric Freeman, Susanne Hupfer, Ken Arnold
JavaSpaces™ Principles, Patterns, and Practice

The Java™ Series, Enterprise Edition
Stephanie Bodoff, Dale Green, Kim Haase, Eric Jendrock, Monica Pawlan, Beth Stearns
The J2EE™ Tutorial
Rick Cattell, Jim Inscore, Enterprise Partners
J2EE™ Technology in Practice: Building Business Applications with the Java™ 2 Platform, Enterprise Edition
Mark Hapner, Rich Burridge, Rahul Sharma, Joseph Fialli, Kim Haase
Java™ Message Service API Tutorial and Reference: Messaging for the J2EE™ Platform
Inderjeet Singh, Beth Stearns, Mark Johnson, Enterprise Team
Designing Enterprise Applications with the Java™ 2 Platform, Enterprise Edition
Vlada Matena, Sanjeev Krishnan, Beth Stearns
Applying Enterprise JavaBeans™ 2.1, Second Edition: Component-Based Development for the J2EE™ Platform
Bill Shannon, Mark Hapner, Vlada Matena, James Davidson, Eduardo Pelegri-Llopart, Larry Cable, Enterprise Team
Java™ 2 Platform, Enterprise Edition: Platform and Component Specifications
Rahul Sharma, Beth Stearns, Tony Ng
J2EE™ Connector Architecture and Enterprise Application Integration


Preface
Inventing is a combination of brains and materials. The more brains you use, the less material you need.
Charles Kettering

The phrases "computer security," "network security," and "information security" conjure up various notions and precepts to a given audience. Some people tend to envision technical measures, such as cryptography, as the sole means by which security is attained. Other people recognize the limitations of various technical measures and treat them as tools that, when used in combination with other technical measures, can accomplish the task at hand. The distinction is subtle but important. The phrase "platform security" reflects a holistic view of security, suggesting that the foundation is secure and can be relied on as is or used as a secure subsystem to leverage when building larger systems. Building a secure platform is a very difficult and exacting task that historically has been accomplished only when security is a design requirement that is taken into consideration at the onset. The idea that security can be "bolted on" has proved frail and fraught with failure modes, which has led to a multitude of security breaches.

Java technology is possibly the only general-purpose secure computing platform to become commercially successful. This would never have happened had the designers not taken security seriously from the start. The security properties of Java technology are many, and the Java platform builds on itself to create a reliable and secure platform. The Java 2 security model would be impossible to make trustworthy if it were not for the safety net provided by the Java language itself. The Java language specifies the semantics to ensure type safety and referential integrity and yet would fail miserably if it were not for the enforcement and assurances the Java virtual machine provides. Thus, from these various secure subsystems, we have created a greater whole.

The target audience of this book is varied. We believe this book will be a useful resource to those seeking a general understanding of the security foundation the Java 2 security architecture provides and relies on. The book should also prove particularly useful to software practitioners building enterprise-class applications that must meet varied security requirements, ranging from authentication to authorization to information protection. This book provides insight into some of the design trade-offs we made as we developed the platform and the lessons we have learned as we continue to evolve and enhance the platform. We provide guidance to those needing to customize the security model for their specific purposes. We describe the inflection points we designed into the platform to accommodate those rare but critical customizations. Most of the aforementioned topics are targeted to system developers, yet we recognize that security is not limited to the implementation of an application. Equally important is the deployment of the application. For deployers, we supply descriptions ranging from expressing security policy to hardening the installation of the runtime environment.

This book does not explain to any level of detail the Java programming language. We recommend the book by Arnold and Gosling [3] as a good starting point. Also, we do not cover the various security APIs in their entirety, and thus we refer the reader to the Java 2 SDK documentation.


How This Book Is Organized
The text of this book is organized to cater to its various audiences. The first two chapters supply background information providing the basis for more specific topics covered in subsequent chapters. The reader need not be proficient in the Java language to understand these introductory chapters. Chapters 3 through 6 describe the Java 2 security architecture, starting with general concepts and ending with comprehensive coverage of security policy enforcement. Chapters 7 through 11 are targeted toward the enterprise application developer, covering topics ranging from trust establishment to cryptography and network security. For these chapters, Java language proficiency is assumed. Chapter 12 is directly targeted toward deployers, who should also read Chapter 8 for additional details about trust establishment. It is our belief that deployers need not be proficient in the Java language and that they can ignore the sections of Chapter 8 describing APIs.

The content of each chapter of this book is as follows:
Chapter 1: A general background on computer, network, and information security
Chapter 2: A review of the Java security models, starting with the original sandbox and progressing to the fine-grained access control model
Chapter 3: An in-depth look at the Java 2 security architecture, which is policy driven and capable of enforcing fine-grained access controls
Chapter 4: Detailed coverage of class loading, including a description of the class loader inheritance hierarchy and the runtime delegation hierarchy
Chapter 5: An explanation of the security classes that supply the foundation for the enforcement of security policy at runtime
Chapter 6: Thorough coverage of the policy enforcement classes and the design of the Java 2 security architecture access control algorithm
Chapter 7: An explanation of the customization points provided for systems programmers who need to enhance the core security architecture
Chapter 8: An outline of the trust establishment capabilities and mechanisms supplied by the security architecture
Chapter 9: A presentation of common pitfalls and defensive programming strategies
Chapter 10: Comprehensive coverage of the cryptography-related APIs
Chapter 11: An operational overview of the APIs used to secure network protocols, including those for authentication, confidentiality, and integrity protection
Chapter 12: A presentation of the deployment options that may be used to securely deploy the Java runtime and Java technology-based applications
Chapter 13: A look at the various Java technology platforms and a glance toward the future of Java security


Acknowledgments
This project began as a casual conversation between Li Gong and me at the 2001 JavaOne conference in San Francisco. Prior to that conversation, Li had transitioned from the role of chief security architect for the Java 2 security development project to leading Project JXTA, whereas I had transitioned into the lead security architect role for the Java 2 development team near the end of the prior millennium. I mentioned to Li that the security architecture had evolved to the point that the first edition was no longer current and thus not an authoritative text.

Nearly two years later, the results of that conversation have come to fruition, and I can confidently state that we have come a long way to reach our goal of producing a book that thoroughly and accurately describes the Java 2 security architecture. This clearly would not have been possible without Li's support, and I am grateful for having had the opportunity to work with Li in the past and especially on this project.

This book would probably be stuck in the starting blocks if it were not for the guidance and gentle nudging of Lisa Friendly, Manager of Software Technical Publications at Sun Microsystems. Lisa recognized early on that my commitment to the project was absolute but that my copious free time, which was allotted to this effort, fell between the hours of 10 P.M. and 2 A.M. Lisa quickly solved this problem by engaging Mary Dageforde as technical editor. I am forever grateful. Not only is Mary an excellent technical writer and editor who ended up writing enough to get coauthor billing, but she can code too! Mary truly made this project happen with her drive, dedication, and thoroughness. I cannot say enough about Mary, so I will keep it brief. Thank you, Mary.

Tim Lindholm was also an early inspiration, and I appreciate his support in helping me keep things in perspective. I also want to acknowledge the support of my management, Larry Abrahams, Maxine Erlund, Sharon Liu, and Stephen Pelletier, who understood how important this project was to me.

My peers in the Java security development team participated in this publication in many ways, and I wish to acknowledge them for their content contributions, insights, patience, camaraderie, constructive criticism, and most of all their friendship. Thank you, Alan Bateman, Jean-Christophe Collet, Jaya Hangal, Charlie Lai, Rosanna Lee, Jan Luehe, Seema Malkani, Ram Marti, Michael McMahon, Sean Mullan, Jeff Nisewanger, Yu Ching Peng, Chok Poh, Vincent Ryan, Scott Seligman, Andreas Sterbenz, Mayank Upadhyay, Yingxian Wang, and Brad Wetmore.

Being a part of the team that created something that has had such a significant impact on computing is an honor not shared by many. The success of Java is obviously a result of the high caliber of people who made it a reality. I have had the luxury of working alongside many talented people, and I expressly want to thank Lars Bak, Josh Bloch, Gilad Bracha, Zhiqun Chen, Steffen Garup, James Gosling, Graham Hamilton, Mark Hapner, Stanley Ho, Peter Jones, Peter Kessler, Tim Lindholm, Ron Monzillo, Hans Muller, Hemma Prafullchandra, Mark Reinhold, Rene Schmidt, Bill Shannon, Bob Scheifler, Jim Waldo, and Ann Wollrath for the great experience, mentoring, and technical challenges.

Few people realize the existence and close working relationship the Java security development team at Sun Microsystems maintains with our peers in other organizations. I specifically wish to acknowledge the team at IBM, including Larry Koved, Marco Pistoia, Tony Nadalin, and Bruce Rich, who have been instrumental in enhancing the feature set of the Java 2 security architecture.

As new technologies emerge, we have worked closely with security researchers within Sun Labs to integrate and productize their output. I wish to acknowledge Anne Anderson, Whitfield Diffie, Steve Hanna, Susan Landau, and Radia Perlman for passing along best-in-breed security technology.

I also want to thank the many reviewers of this text and specifically recognize Gilad Bracha, Matt Curtin, James Hoburg, Peter Jones, Charlie Lai, Brian Larkins, Rosanna Lee, John Linn, Ram Marti, Doug Monroe, Sean Mullan, Shivaram Mysore, Vincent Ryan, Bob Scheifler, Andreas Sterbenz, Brad Wetmore, and Phil Yeater for the feedback they provided. I also wish to recognize Peter Jones and Shivaram Mysore for their content contributions.

Thanks also to Alan Sommerer, the Sun Microsystems Manager of Technical Publications for the Java platform, for his help in ushering this book to publication.

Finally, I want to express my gratitude to the production team. I thank the copy editor, Evelyn Pyle, and the production folks at Addison-Wesley for their support and effort in getting this book off my laptop and into print. Thanks to Marcy Barnes, Jacquelyn Doucette, Amy Fleischer, John Fuller, Mike Hendrickson, Michael Mullen, and Ann Sellers. Also, I want to acknowledge Mary Darby and Amy Girard from Duarte Design for their innate ability to take my graphically challenged images and turn them into a thousand words.

Gary Ellison
San Mateo, California
March 2003

I am grateful to all past and current members of the Java Security and Networking group at Sun, as well as contributors from all over the world, who continue to strengthen Java's position as the premier computing platform in these areas. I am indebted to Gary Ellison and Mary Dageforde for their tremendous effort in producing this second edition, which significantly expands the coverage of the first.

Li Gong
Beijing, China

It has been a pleasure working with Gary Ellison on this book. I thank him for his vision, dedication, encouragement, feedback, enormous effort in the face of multiple competing responsibilities, and sense of humor. It has also been my good fortune to work with Li Gong and members of the top-notch Java Security and Networking team at Sun at various times throughout the past several years. I thank them all. Thanks also to Lisa Friendly of Sun and Mike Hendrickson of Addison-Wesley for their support and their roles in facilitating publication of this book. Finally, I would like to thank the copy editor, the graphics designers, and the very helpful production folks at Addison-Wesley.

Mary Dageforde
Santa Clara, California


About the Authors
Li Gong is Managing Director of Sun Microsystems' Engineering and Research Institute in Beijing, China. Previously at Sun, he was engineering head of Java Security and Networking, Java Embedded Servers, and JXTA. He obtained B.S. and M.S. degrees from Tsinghua University, Beijing, and a Ph.D. from the University of Cambridge. He is Associate Editor-in-Chief of IEEE Internet Computing.

Gary Ellison is a Senior Staff Engineer at Sun Microsystems, where he designs secure network computing platforms. His primary role is focused on aspects of trust, security, and privacy. From 1999 through 2002, he led the architecture, design, and implementation of the security and networking components in the Java 2 Platform, Standard Edition. He holds a B.Sc. in Mathematics and Physical Science from The Ohio State University.

Mary Dageforde is a freelance consultant who writes software documentation for various Silicon Valley computer companies, including Sun Microsystems. She has an M.S. in Computer Science from Stanford University and a software design and development background encompassing compiler and interpreter implementation, language design, and database management. Since 1990, she has concentrated on documenting APIs, languages, tools, and systems. She wrote the Security trail of The Java™ Tutorial Continued (Addison-Wesley, 1999).

