Security Programming in Java
Speaker | Guy Gershoni |
---|---|
Time | 2008-01-28 10:30 |
Conference | LCA2008 |
Java security frameworks
J2SE Security
java.policy policy file:
- security policy
- not used unless security manager loaded
- security manager loaded by request
- or security manager loaded by environment
Starting Security Manager
java -Djava.security.manager -Djava.security.policy=$URL $APP
or only load one config:
java -Djava.security.manager -Djava.security.policy==$URL $APP
JCE
Sealed objects
JAAS
Tutorials complicate usage.
Authorisation
- use must be authenticated first.
- grant authenticated user principle permissions.
Web applications
etc