| Package Name | Comment |
| java.security |
Provides the classes and interfaces for the security framework.
This includes classes that implement an easily configurable,
fine-grained access control security architecture.
This package also supports
the generation and storage of cryptographic public key pairs,
as well as a number of exportable cryptographic operations
including those for message digest and signature generation. Finally,
this package provides classes that support signed/guarded objects
and secure random number generation.
Many of the classes provided in this package (the cryptographic
and secure random number generator classes in particular) are
provider-based. The class itself defines a programming interface
to which applications may write. The implementations themselves may
then be written by independent third-party vendors and plugged
in seamlessly as needed. Therefore application developers may
take advantage of any number of provider-based implementations
without having to add or rewrite code.
Package Specification
Related Documentation
For further documentation, please see:
@since JDK1.1
|
| java.security.acl |
The classes and interfaces in this package have been
superseded by classes in the java.security package.
See that package and, for example, java.security.Permission for details.
@since JDK1.1
|
| java.security.cert |
Provides classes and interfaces for parsing and managing
certificates, certificate revocation lists (CRLs), and
certification paths. It contains support for X.509 v3
certificates and X.509 v2 CRLs.
Package Specification
Related Documentation
For information about X.509 certificates and CRLs, please see:
@since 1.2
|
| java.security.interfaces |
Provides interfaces for generating RSA (Rivest, Shamir and
Adleman AsymmetricCipher algorithm)
keys as defined in the RSA Laboratory Technical Note
PKCS#1, and DSA (Digital Signature
Algorithm) keys as defined in NIST's FIPS-186.
Note that these interfaces are intended only for key
implementations whose key material is accessible and
available. These interfaces are not intended for key
implementations whose key material resides in
inaccessible, protected storage (such as in a
hardware device).
For more developer information on how to use these
interfaces, including information on how to design
Key classes for hardware devices, please refer
to these cryptographic provider developer guides:
Package Specification
- PKCS #1: RSA Encryption Standard, Version 1.5, November 1993
- Federal Information Processing Standards Publication (FIPS PUB) 186:
Digital Signature Standard (DSS)
Related Documentation
For further documentation, please see:
@since JDK1.1
|
| java.security.spec |
Provides classes and interfaces for key specifications and algorithm
parameter specifications.
A key specification is a transparent representation of the key material
that constitutes a key. A key may be specified in an algorithm-specific
way, or in an algorithm-independent encoding format (such as ASN.1).
This package contains key specifications for DSA public and private keys,
RSA public and private keys, PKCS #8 private keys in DER-encoded format,
and X.509 public and private keys in DER-encoded format.
An algorithm parameter specification is a transparent representation
of the sets of parameters used with an algorithm. This package contains
an algorithm parameter specification for parameters used with the
DSA algorithm.
Package Specification
- PKCS #1: RSA Encryption Standard, Version 1.5, November 1993
- PKCS #8: Private-Key Information Syntax Standard,
Version 1.2, November 1993
- Federal Information Processing Standards Publication (FIPS PUB) 186:
Digital Signature Standard (DSS)
Related Documentation
For documentation that includes information about algorithm parameter
and key specifications, please see:
@since 1.2
|
| javax.security.auth |
This package provides a framework for authentication and
authorization. The framework allows
authentication to be performed in pluggable fashion. Different
authentication modules can be plugged under an application without
requiring modifications to the application itself. The
authorization component allows specification of access controls
based on code location, code signers and code executors
(Subjects).
@since JDK1.4
|
| javax.security.auth.callback |
This package provides the classes necessary for services
to interact with applications in order to retrieve
information (authentication data including usernames
or passwords, for example) or to display information
(error and warning messages, for example).
@since JDK1.4
|
| javax.security.auth.kerberos |
This package contains utility classes related to the Kerberos network
authentication protocol. They do not provide much Kerberos support
themselves.
The Kerberos network authentication protocol is defined in
RFC 4120. The Java
platform contains support for the client side of Kerberos via the
{@link org.ietf.jgss} package. There might also be
a login module that implements
{@link javax.security.auth.spi.LoginModule LoginModule} to authenticate
Kerberos principals.
You can provide the name of your default realm and Key Distribution
Center (KDC) host for that realm using the system properties
java.security.krb5.realm and java.security.krb5.kdc. Alternatively, you
can provide an MIT style configuration file called krb5.conf in
<java-home>/lib/security. If you place this file elsewhere, you can
indicate that location via the system property java.security.krb5.conf.
@since JDK1.4
|
| javax.security.auth.login |
This package provides a pluggable authentication framework.
@since JDK1.4
|
| javax.security.auth.spi |
This package provides the interface to be used for
implementing pluggable authentication modules.
@since JDK1.4
|
| javax.security.auth.x500 |
This package contains the classes that should be used to store
X500 Principal and X500 Private Crendentials in a
Subject.
@since JDK1.4
|
| javax.security.cert |
Provides classes for public key certificates.
These classes include a simplified version of the
java.security.cert package. These classes were developed
as part of the Java Secure Socket
Extension (JSSE). When JSSE was added to the J2SE version 1.4, this
package was added for backward-compatibility reasons only.
New applications should not use this package, but rather
java.security.cert.
@since 1.4
|
| javax.security.sasl |
Contains class and interfaces for supporting SASL.
This package defines classes and interfaces for SASL mechanisms.
It is used by developers to add authentication support for
connection-based protocols that use SASL.
SASL Overview
Simple Authentication and Security Layer (SASL) specifies a
challenge-response protocol in which data is exchanged between the
client and the server for the purposes of
authentication and (optional) establishment of a security layer on
which to carry on subsequent communications. It is used with
connection-based protocols such as LDAPv3 or IMAPv4. SASL is
described in
RFC 2222.
There are various mechanisms defined for SASL.
Each mechanism defines the data that must be exchanged between the
client and server in order for the authentication to succeed.
This data exchange required for a particular mechanism is referred to
to as its protocol profile.
The following are some examples of mechanims that have been defined by
the Internet standards community.
- DIGEST-MD5 (RFC 2831).
This mechanism defines how HTTP Digest Authentication can be used as a SASL
mechanism.
- Anonymous (RFC 2245).
This mechamism is anonymous authentication in which no credentials are
necessary.
- External (RFC 2222).
This mechanism obtains authentication information
from an external source (such as TLS or IPsec).
- S/Key (RFC 2222).
This mechanism uses the MD4 digest algorithm to exchange data based on
a shared secret.
- GSSAPI (RFC 2222).
This mechanism uses the
GSSAPI
for obtaining authentication information.
Some of these mechanisms provide both authentication and establishment
of a security layer, others only authentication. Anonymous and
S/Key do not provide for any security layers. GSSAPI and DIGEST-MD5
allow negotiation of the security layer. For External, the
security layer is determined by the external protocol.
Usage
Users of this API are typically developers who produce
client library implementations for connection-based protocols,
such as LDAPv3 and IMAPv4,
and developers who write servers (such as LDAP servers and IMAP servers).
Developers who write client libraries use the
SaslClient and SaslClientFactory interfaces.
Developers who write servers use the
SaslServer and SaslServerFactory interfaces.
Among these two groups of users, each can be further divided into two groups:
those who produce the SASL mechanisms and those
who use the SASL mechanisms.
The producers of SASL mechanisms need to provide implementations
for these interfaces, while users of the SASL mechanisms use
the APIs in this package to access those implementations.
Related Documentation
Please refer to the
Java
SASL Programming Guide for information on how to use this API.
@since 1.5
|