| java.security |
Provides the classes and interfaces for the security framework.
This includes classes that implement an easily configurable,
fine-grained access control security architecture.
This package also supports
the generation and storage of cryptographic public key pairs,
as well as a number of exportable cryptographic operations
including those for message digest and signature generation. Finally,
this package provides classes that support signed/guarded objects
and secure random number generation.
Many of the classes provided in this package (the cryptographic
and secure random number generator classes in particular) are
provider-based. The class itself defines a programming interface
to which applications may write. The implementations themselves may
then be written by independent third-party vendors and plugged
in seamlessly as needed. Therefore application developers may
take advantage of any number of provider-based implementations
without having to add or rewrite code.
Package Specification
Related Documentation
For further documentation, please see:
@since JDK1.1
|
| Java Source File Name | Type | Comment |
| AccessControlContext.java | Class | An AccessControlContext is used to make system resource access decisions
based on the context it encapsulates.
More specifically, it encapsulates a context and
has a single method, checkPermission,
that is equivalent to the checkPermission method
in the AccessController class, with one difference: The AccessControlContext
checkPermission method makes access decisions based on the
context it encapsulates,
rather than that of the current execution thread.
Thus, the purpose of AccessControlContext is for those situations where
a security check that should be made within a given context
actually needs to be done from within a
different context (for example, from within a worker thread).
An AccessControlContext is created by calling the
AccessController.getContext method. |
| AccessControlException.java | Class | This exception is thrown by the AccessController to indicate
that a requested access (to a critical system resource such as the
file system or the network) is denied.
The reason to deny access can vary. |
| AccessController.java | Class | |
| AlgorithmParameterGenerator.java | Class | The AlgorithmParameterGenerator class is used to generate a
set of
parameters to be used with a certain algorithm. |
| AlgorithmParameterGeneratorSpi.java | Class | This class defines the Service Provider Interface (SPI)
for the AlgorithmParameterGenerator class, which
is used to generate a set of parameters to be used with a certain algorithm. |
| AlgorithmParameters.java | Class | This class is used as an opaque representation of cryptographic parameters. |
| AlgorithmParametersSpi.java | Class | This class defines the Service Provider Interface (SPI)
for the AlgorithmParameters class, which is used to manage
algorithm parameters. |
| AllPermission.java | Class | The AllPermission is a permission that implies all other permissions.
Note: Granting AllPermission should be done with extreme care,
as it implies all other permissions. |
| AuthProvider.java | Class | This class defines login and logout methods for a provider. |
| BasicPermission.java | Class | The BasicPermission class extends the Permission class, and
can be used as the base class for permissions that want to
follow the same naming convention as BasicPermission.
The name for a BasicPermission is the name of the given permission
(for example, "exit",
"setFactory", "print.queueJob", etc). |
| Certificate.java | Interface | This is an interface of abstract methods for managing a
variety of identity certificates.
An identity certificate is a guarantee by a principal that
a public key is that of another principal. |
| CodeSigner.java | Class | This class encapsulates information about a code signer. |
| CodeSource.java | Class | This class extends the concept of a codebase to
encapsulate not only the location (URL) but also the certificate chains
that were used to verify signed code originating from that location. |
| DigestException.java | Class | This is the generic Message Digest exception. |
| DigestInputStream.java | Class | A transparent stream that updates the associated message digest using
the bits going through the stream.
To complete the message digest computation, call one of the
digest methods on the associated message
digest after your calls to one of this digest input stream's
DigestInputStream.read() read methods.
It is possible to turn this stream on or off (see
DigestInputStream.on(boolean) on ). |
| DigestOutputStream.java | Class | A transparent stream that updates the associated message digest using
the bits going through the stream.
To complete the message digest computation, call one of the
digest methods on the associated message
digest after your calls to one of this digest ouput stream's
DigestOutputStream.write(int) write methods.
It is possible to turn this stream on or off (see
DigestOutputStream.on(boolean) on ). |
| DomainCombiner.java | Interface | A DomainCombiner provides a means to dynamically
update the ProtectionDomains associated with the current
AccessControlContext.
A DomainCombiner is passed as a parameter to the
appropriate constructor for AccessControlContext.
The newly constructed context is then passed to the
AccessController.doPrivileged(..., context) method
to bind the provided context (and associated DomainCombiner)
with the current execution Thread. |
| GeneralSecurityException.java | Class | The GeneralSecurityException class is a generic
security exception class that provides type safety for all the
security-related exception classes that extend from it. |
| Guard.java | Interface | This interface represents a guard, which is an object that is used
to protect access to another object.
This interface contains a single method, checkGuard,
with a single object argument. |
| GuardedObject.java | Class | A GuardedObject is an object that is used to protect access to
another object.
A GuardedObject encapsulates a target object and a Guard object,
such that access to the target object is possible
only if the Guard object allows it.
Once an object is encapsulated by a GuardedObject,
access to that object is controlled by the getObject
method, which invokes the
checkGuard method on the Guard object that is
guarding access. |
| Identity.java | Class | This class represents identities: real-world objects such as people,
companies or organizations whose identities can be authenticated using
their public keys. |
| IdentityScope.java | Class | This class represents a scope for identities. |
| InvalidAlgorithmParameterException.java | Class | This is the exception for invalid or inappropriate algorithm parameters. |
| InvalidKeyException.java | Class | This is the exception for invalid Keys (invalid encoding, wrong
length, uninitialized, etc). |
| InvalidParameterException.java | Class | This exception, designed for use by the JCA/JCE engine classes,
is thrown when an invalid parameter is passed
to a method. |
| Key.java | Interface | The Key interface is the top-level interface for all keys. |
| KeyException.java | Class | This is the basic key exception. |
| KeyFactory.java | Class | Key factories are used to convert keys (opaque
cryptographic keys of type Key) into key specifications
(transparent representations of the underlying key material), and vice
versa.
Key factories are bi-directional. |
| KeyFactorySpi.java | Class | This class defines the Service Provider Interface (SPI)
for the KeyFactory class.
All the abstract methods in this class must be implemented by each
cryptographic service provider who wishes to supply the implementation
of a key factory for a particular algorithm.
Key factories are used to convert keys (opaque
cryptographic keys of type Key) into key specifications
(transparent representations of the underlying key material), and vice
versa.
Key factories are bi-directional. |
| KeyManagementException.java | Class | This is the general key management exception for all operations
dealing with key management. |
| KeyPair.java | Class | This class is a simple holder for a key pair (a public key and a
private key). |
| KeyPairGenerator.java | Class | The KeyPairGenerator class is used to generate pairs of
public and private keys. |
| KeyPairGeneratorSpi.java | Class | This class defines the Service Provider Interface (SPI)
for the KeyPairGenerator class, which is used to generate
pairs of public and private keys. |
| KeyRep.java | Class | Standardized representation for serialized Key objects.
Note that a serialized Key may contain sensitive information
which should not be exposed in untrusted environments. |
| KeyStore.java | Class | This class represents a storage facility for cryptographic
keys and certificates.
A KeyStore manages different types of entries.
Each type of entry implements the KeyStore.Entry interface.
Three basic KeyStore.Entry implementations are provided:
|
| KeyStoreException.java | Class | This is the generic KeyStore exception. |
| KeyStoreSpi.java | Class | This class defines the Service Provider Interface (SPI)
for the KeyStore class. |
| MessageDigest.java | Class | This MessageDigest class provides applications the functionality of a
message digest algorithm, such as MD5 or SHA.
Message digests are secure one-way hash functions that take arbitrary-sized
data and output a fixed-length hash value.
A MessageDigest object starts out initialized. |
| MessageDigestSpi.java | Class | This class defines the Service Provider Interface (SPI)
for the MessageDigest class, which provides the functionality
of a message digest algorithm, such as MD5 or SHA. |
| NoSuchAlgorithmException.java | Class | This exception is thrown when a particular cryptographic algorithm is
requested but is not available in the environment. |
| NoSuchProviderException.java | Class | This exception is thrown when a particular security provider is
requested but is not available in the environment. |
| Permission.java | Class | Abstract class for representing access to a system resource.
All permissions have a name (whose interpretation depends on the subclass),
as well as abstract functions for defining the semantics of the
particular Permission subclass. |
| PermissionCollection.java | Class | Abstract class representing a collection of Permission objects.
With a PermissionCollection, you can:
- add a permission to the collection using the
add method.
- check to see if a particular permission is implied in the
collection, using the
implies method.
- enumerate all the permissions, using the
elements method.
When it is desirable to group together a number of Permission objects
of the same type, the newPermissionCollection method on that
particular type of Permission object should first be called. |
| Permissions.java | Class | This class represents a heterogeneous collection of Permissions. |
| Policy.java | Class | A Policy object is responsible for determining whether code executing
in the Java runtime environment has permission to perform a
security-sensitive operation.
There is only one Policy object installed in the runtime at any
given time. |
| PolicySpi.java | Class | This class defines the Service Provider Interface (SPI)
for the Policy class.
All the abstract methods in this class must be implemented by each
service provider who wishes to supply a Policy implementation.
Subclass implementations of this abstract class must provide
a public constructor that takes a Policy.Parameters
object as an input parameter. |
| Principal.java | Interface | This interface represents the abstract notion of a principal, which
can be used to represent any entity, such as an individual, a
corporation, and a login id. |
| PrivateKey.java | Interface | A private key. |
| PrivilegedAction.java | Interface | A computation to be performed with privileges enabled. |
| PrivilegedActionException.java | Class | This exception is thrown by
doPrivileged(PrivilegedExceptionAction) and
doPrivileged(PrivilegedExceptionAction,
AccessControlContext context) to indicate
that the action being performed threw a checked exception. |
| PrivilegedExceptionAction.java | Interface | A computation to be performed with privileges enabled, that throws one or
more checked exceptions. |
| ProtectionDomain.java | Class |
This ProtectionDomain class encapsulates the characteristics of a domain,
which encloses a set of classes whose instances are granted a set
of permissions when being executed on behalf of a given set of Principals.
A static set of permissions can be bound to a ProtectionDomain when it is
constructed; such permissions are granted to the domain regardless of the
Policy in force. |
| Provider.java | Class | This class represents a "provider" for the
Java Security API, where a provider implements some or all parts of
Java Security. |
| ProviderException.java | Class | A runtime exception for Provider exceptions (such as
misconfiguration errors or unrecoverable internal errors),
which may be subclassed by Providers to
throw specialized, provider-specific runtime errors. |
| PublicKey.java | Interface | A public key. |
| SecureClassLoader.java | Class | This class extends ClassLoader with additional support for defining
classes with an associated code source and permissions which are
retrieved by the system policy by default. |
| SecureRandom.java | Class | This class provides a cryptographically strong random number
generator (RNG). |
| SecureRandomSpi.java | Class | This class defines the Service Provider Interface (SPI)
for the SecureRandom class. |
| Security.java | Class | This class centralizes all security properties and common security
methods. |
| SecurityPermission.java | Class | This class is for security permissions.
A SecurityPermission contains a name (also referred to as a "target name")
but no actions list; you either have the named permission
or you don't.
The target name is the name of a security configuration parameter (see below).
Currently the SecurityPermission object is used to guard access
to the Policy, Security, Provider, Signer, and Identity
objects.
The following table lists all the possible SecurityPermission target names,
and for each provides a description of what the permission allows
and a discussion of the risks of granting code the permission.
| Permission Target Name |
What the Permission Allows |
Risks of Allowing this Permission |
| createAccessControlContext |
Creation of an AccessControlContext |
This allows someone to instantiate an AccessControlContext
with a DomainCombiner. | | Signature.java | Class | This Signature class is used to provide applications the functionality
of a digital signature algorithm. | | SignatureException.java | Class | This is the generic Signature exception. | | SignatureSpi.java | Class | This class defines the Service Provider Interface (SPI)
for the Signature class, which is used to provide the
functionality of a digital signature algorithm. | | SignedObject.java | Class | SignedObject is a class for the purpose of creating authentic
runtime objects whose integrity cannot be compromised without being
detected.
More specifically, a SignedObject contains another Serializable
object, the (to-be-)signed object and its signature.
The signed object is a "deep copy" (in serialized form) of an
original object. | | Signer.java | Class | This class is used to represent an Identity that can also digitally
sign data. | | Timestamp.java | Class | This class encapsulates information about a signed timestamp. | | UnrecoverableEntryException.java | Class | This exception is thrown if an entry in the keystore cannot be recovered. | | UnrecoverableKeyException.java | Class | This exception is thrown if a key in the keystore cannot be recovered. | | UnresolvedPermission.java | Class | The UnresolvedPermission class is used to hold Permissions that
were "unresolved" when the Policy was initialized. | | UnresolvedPermissionCollection.java | Class | A UnresolvedPermissionCollection stores a collection
of UnresolvedPermission permissions. | | URIParameter.java | Class | A parameter that contains a URI pointing to data intended for a
PolicySpi or ConfigurationSpi implementation. |
|