Java application security is facilitated by Java's extensive built-in security features. In Part 1, I examined security within the Java Runtime Environment, Java security management tools and Java
Java Web Start Security
Java Web Start (JWS) is a full-fledged Java application that provides mechanisms for application distribution through a Web server and facilitates Java rich-client access to applications over a network. The underlying technology of JWS is the Java Network Launching Protocol (JNLP), which provides a standard way of packaging and provisioning Java programs (as JAR files) and then launching them over a network. JNLP-packaged applications are typically started from a Web browser, which launches the client-side JWS software; JWS downloads, caches and then executes the application locally.
Like a stand-alone Java application, a JWS application runs outside the Web browser, using the sandbox features of the underlying Java platform. JWS also allows security attributes to be defined for client-side Java applications and their access to local resources, such as file system access and network connections. These security attributes are specified using XML tags in the JNLP descriptor file, which defines the application's access privileges to local and network resources.
In addition, JWS allows the use of digital signatures for signing JAR files in order to verify the application origin and its integrity so that it can be trusted before it is downloaded to a client machine. The certificate used to sign the JAR files is verified using the trusted certificates in the client Java keystore. This helps users avoid starting malicious applications and inadvertent downloads without knowing the originating source of the application.
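The following is an added example, not code from the original article or from Java Web Start itself. It shows the first half of the trust decision described above in plain Java: opening a JAR with verification enabled, reading every entry so the JAR runtime checks each digest against the signature block, and confirming that every entry carries a code signer. The JAR path is a command-line argument; the example does not validate the signer's certificate chain against the client keystore (the second half, which JWS performs before trusting the code), and that step is noted as a separate check.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/**
 * Added example: report whether every content entry of a JAR is signed and intact.
 * JarFile(file, true) verifies each entry's digest against the manifest and the
 * signature block while the entry's stream is read; an entry whose bytes were
 * altered after signing raises SecurityException at end of stream.
 */
public final class JarSignatureCheck {

    private JarSignatureCheck() {}

    /** True only if the JAR has at least one content entry and all of them are signed and unmodified. */
    public static boolean allEntriesSigned(File jarPath) throws IOException {
        try (JarFile jar = new JarFile(jarPath, true)) {
            Enumeration<JarEntry> entries = jar.entries();
            boolean sawEntry = false;
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                String name = entry.getName();
                // Directories and the signature metadata under META-INF/ are not themselves signed.
                if (entry.isDirectory() || name.startsWith("META-INF/")) {
                    continue;
                }
                sawEntry = true;
                // Signer information is only available after the entry has been read to the end.
                try (InputStream in = jar.getInputStream(entry)) {
                    byte[] buf = new byte[8192];
                    while (in.read(buf) != -1) {
                        // consume the stream so the digest is checked
                    }
                } catch (SecurityException e) {
                    // Digest mismatch: the entry was changed after the JAR was signed.
                    System.out.println("TAMPERED: " + name + " (" + e.getMessage() + ")");
                    return false;
                }
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null || signers.length == 0) {
                    // An unsigned entry inside an otherwise signed JAR is a classic way to smuggle code in.
                    System.out.println("UNSIGNED: " + name);
                    return false;
                }
                for (CodeSigner signer : signers) {
                    X509Certificate leaf =
                            (X509Certificate) signer.getSignerCertPath().getCertificates().get(0);
                    System.out.println("signed: " + name + " by " + leaf.getSubjectX500Principal());
                }
            }
            return sawEntry;
        }
    }

    public static void main(String[] args) throws IOException {
        if (args.length != 1) {
            System.err.println("usage: java JarSignatureCheck <application.jar>");
            System.exit(2);
        }
        boolean ok = allEntriesSigned(new File(args[0]));
        System.out.println(ok ? "all entries signed and intact" : "JAR is NOT fully signed");
        // A signed JAR is not yet a trusted JAR: the signer's certificate path still has to be
        // validated against the client's trusted keystore (for example with CertPathValidator).
        System.exit(ok ? 0 : 1);
    }
}
```

Run it as `java JarSignatureCheck app.jar`. A passing result means integrity and completeness of signatures, nothing more; the JDK's `jarsigner -verify -verbose -certs` performs the same digest checks from the command line and also prints the signer certificates, and the chain-of-trust decision against the keystore remains a separate step.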
Java Extensible Security Architecture and APIs
In addition to the runtime security architecture, the Java platform provides an extensible security API architectural model to support a variety of security infrastructures and services, including cryptographic services; certificate interfaces and classes for managing digital certificates; Public Key Infrastructure (PKI) interfaces and classes to access, modify and manage the key repository; certificates and secure socket communication to protect the privacy and integrity of data transited over the network; services for authentication and access control; and mechanisms for single sign-on (SSO) access to underlying applications.
The Java platform facilitates an extensible security architectural model via standards-based security API technologies that provide platform independence and allow interoperability among vendor implementations. It adds on a variety of security features to the core Java platform by integrating technologies to support cryptography, certificate management, authentication and authorization, secure communication, and other custom security mechanisms. The following illustrates the Java extensible security architecture and its core API mechanisms.
Java Platform Extensible Security Architecture and Elements
As part of the J2SE bundle, the Java extensible security architecture provides the following API frameworks, which together contribute to end-to-end Java application security:
The Java Cryptography Architecture (JCA) provides basic cryptographic services and algorithms, including message digests and digital signatures. The JCA supports a variety of cryptographic algorithms by defining the types and functionality of cryptographic services rather than fixing their implementations. It also ensures interoperability among provider implementations through a standardized set of APIs that the providers implement for the required algorithms and services. For example, using the same algorithm, a key generated by one provider can be used by another provider; likewise, a digital signature generated by one provider can be verified by another.
The Java Authentication and Authorization Service (JAAS) provides Java API mechanisms and services for enabling authentication and authorization in Java-based application solutions. JAAS is the Java implementation of the Pluggable Authentication Module (PAM) framework originally developed for Sun's Solaris operating system. PAM allows authentication mechanisms to be plugged in, so applications remain independent of the underlying authentication technology. Using this PAM-based approach, JAAS authentication modules allow the integration of authentication technologies such as Kerberos, RSA, smart cards and biometric authentication systems.
The Java Simple Authentication and Security Layer (SASL) API provides a mechanism-neutral solution, so an application that uses the API need not be hardwired to any particular SASL mechanism. The API serves both client and server applications. It allows applications to select a mechanism based on desired security properties, such as whether the mechanism is susceptible to passive dictionary attacks or whether it accepts anonymous authentication. The Java SASL API also supports developers creating their own custom SASL mechanisms. SASL mechanisms are installed as JCA providers.
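Three added examples follow, one for each framework described above. They are illustrations written for this page, not code from the original article or from the JDK's own documentation; user names, passwords, host names and class names in them are constructed for the demonstration.

The first example exercises the JCA interoperability claim directly: it enumerates every installed provider that implements `SHA256withRSA`, signs with the first one and verifies the signature with each of the others, then shows that the same signature fails against a message altered by one bit. The digest comparison uses `MessageDigest.isEqual`, which is the constant-time comparison to prefer over `Arrays.equals` for secrets and MACs.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;

/** Added example: digest and signature services through the JCA, across providers. */
public final class JcaSignatureDemo {

    private static final String SIG_ALG = "SHA256withRSA";

    /** Names of every installed provider that offers the given service and algorithm. */
    public static List<String> providersFor(String service, String algorithm) {
        List<String> names = new ArrayList<>();
        Provider[] found = Security.getProviders(service + "." + algorithm); // null if none match
        if (found != null) {
            for (Provider p : found) {
                names.add(p.getName());
            }
        }
        return names;
    }

    public static byte[] sha256(byte[] data) throws GeneralSecurityException {
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    /** Sign with a named provider, or with the default provider order when provider is null. */
    public static byte[] sign(PrivateKey key, byte[] data, String provider) throws GeneralSecurityException {
        Signature s = provider == null ? Signature.getInstance(SIG_ALG) : Signature.getInstance(SIG_ALG, provider);
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    /** Verify with a named provider; returns false (rather than throwing) when data or signature do not match. */
    public static boolean verify(PublicKey key, byte[] data, byte[] sig, String provider)
            throws GeneralSecurityException {
        Signature s = provider == null ? Signature.getInstance(SIG_ALG) : Signature.getInstance(SIG_ALG, provider);
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample input and a one-bit modification of it.
        byte[] message = "constructed sample message for the JCA demo".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = message.clone();
        tampered[0] ^= 0x01;

        // Message digest: constant-time comparison, so the check itself leaks no timing information.
        System.out.println("digests equal: " + MessageDigest.isEqual(sha256(message), sha256(tampered)));

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair keys = kpg.generateKeyPair();

        List<String> providers = providersFor("Signature", SIG_ALG);
        System.out.println("providers offering " + SIG_ALG + ": " + providers);

        // Sign with the first provider, verify with every provider that implements the algorithm.
        byte[] sig = sign(keys.getPrivate(), message, providers.get(0));
        System.out.println("signature (base64): " + Base64.getEncoder().encodeToString(sig));
        for (String p : providers) {
            System.out.println(p + " verifies original: " + verify(keys.getPublic(), message, sig, p)
                    + ", verifies tampered: " + verify(keys.getPublic(), tampered, sig, p));
        }
    }
}
```

On a stock JDK the provider list usually contains just SunRsaSign; the cross-provider loop becomes interesting once a PKCS#11 or HSM-backed provider is configured, because the signature produced in software then verifies unchanged through the hardware provider and vice versa.

The second example shows the pluggable model JAAS inherits from PAM (Java 16 or later, for the record type). The application calls only `LoginContext`; which module checks the credential is decided by a `Configuration`, here built programmatically instead of from a `jaas.conf` file, so the constructed `MapLoginModule` could be swapped for a Kerberos or smart-card module without touching the application code.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

/** Added example: a pluggable JAAS LoginModule wired in through a programmatic Configuration. */
public final class JaasPluggableDemo {

    /** Constructed credential store; a real module would consult Kerberos, LDAP, a smart card, etc. */
    static final Map<String, char[]> USERS = Map.of("alice", "correct horse".toCharArray());

    /** Identity attached to the Subject once login succeeds. */
    public record UserPrincipal(String name) implements Principal {
        @Override public String getName() { return name; }
    }

    /** login() checks the credential; commit() binds the Principal; abort()/logout() undo it. */
    public static final class MapLoginModule implements LoginModule {
        private Subject subject;
        private CallbackHandler handler;
        private UserPrincipal principal;

        @Override
        public void initialize(Subject subject, CallbackHandler handler,
                               Map<String, ?> sharedState, Map<String, ?> options) {
            this.subject = subject;
            this.handler = handler;
        }

        @Override
        public boolean login() throws LoginException {
            NameCallback nameCb = new NameCallback("user: ");
            PasswordCallback pwCb = new PasswordCallback("password: ", false);
            try {
                handler.handle(new Callback[] { nameCb, pwCb }); // the module never sees the UI
            } catch (IOException | UnsupportedCallbackException e) {
                throw new LoginException("callback handler failed: " + e);
            }
            char[] given = pwCb.getPassword();
            pwCb.clearPassword();
            char[] expected = USERS.get(nameCb.getName());
            // Constant-time comparison so a mismatch does not leak how many characters matched.
            boolean ok = given != null && expected != null
                    && MessageDigest.isEqual(utf8(expected), utf8(given));
            if (given != null) Arrays.fill(given, '\0');
            if (!ok) throw new FailedLoginException("invalid user or password");
            principal = new UserPrincipal(nameCb.getName());
            return true;
        }

        @Override public boolean commit() {
            if (principal == null) return false;
            subject.getPrincipals().add(principal);
            return true;
        }
        @Override public boolean abort() { principal = null; return true; }
        @Override public boolean logout() {
            if (principal != null) subject.getPrincipals().remove(principal);
            principal = null;
            return true;
        }
    }

    static byte[] utf8(char[] chars) { return new String(chars).getBytes(StandardCharsets.UTF_8); }

    /** Programmatic equivalent of a jaas.conf entry "demo { JaasPluggableDemo$MapLoginModule required; };". */
    static Configuration config() {
        return new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                        MapLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, Map.of()) };
            }
        };
    }

    /** The application-facing call: it knows LoginContext, not which module is configured. */
    public static Subject authenticate(String user, char[] password) throws LoginException {
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb);
            }
        };
        LoginContext lc = new LoginContext("demo", null, handler, config());
        lc.login();   // drives initialize() -> login() -> commit() (or abort()) on each configured module
        return lc.getSubject();
    }

    public static void main(String[] args) throws LoginException {
        Subject s = authenticate("alice", "correct horse".toCharArray());
        System.out.println("principals: " + s.getPrincipals());
        try {
            authenticate("alice", "wrong".toCharArray());
        } catch (LoginException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The third example shows the mechanism-neutral selection the SASL paragraph describes, using the CRAM-MD5 mechanism shipped in the JDK's SunSASL provider. The client offers PLAIN and CRAM-MD5 but sets `Sasl.POLICY_NOPLAINTEXT`, so PLAIN is filtered out and CRAM-MD5 is negotiated; the server side is run in the same process so both halves of the challenge/response exchange are visible. A second helper shows that requesting `Sasl.POLICY_NODICTIONARY` leaves no qualifying mechanism in that list, which is exactly the "susceptible to passive dictionary attacks" property the text mentions. The protocol name, host name and credentials are constructed.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.*;
import javax.security.sasl.*;

/** Added example: policy-driven SASL mechanism selection and an in-process CRAM-MD5 exchange. */
public final class SaslPolicyDemo {

    /** Constructed server-side credential store. */
    static final Map<String, char[]> USERS = Map.of("alice", "correct horse".toCharArray());
    static final String PROTOCOL = "imap";
    static final String SERVER = "mail.example.test";

    /** Client side: answers the name/password prompts of whichever mechanism was negotiated. */
    static CallbackHandler clientHandler(String user, char[] password) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb);
            }
        };
    }

    /** Server side: supplies the stored password for the claimed user and makes the authorization decision. */
    static CallbackHandler serverHandler() {
        return callbacks -> {
            String user = null;
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    user = ((NameCallback) cb).getDefaultName();   // authentication ID claimed by the client
                } else if (cb instanceof PasswordCallback) {
                    char[] stored = USERS.get(user);
                    if (stored != null) ((PasswordCallback) cb).setPassword(stored); // unknown user: leave unset
                } else if (cb instanceof AuthorizeCallback) {
                    AuthorizeCallback ac = (AuthorizeCallback) cb;
                    // Allow a user to act only as themselves; no authorization-ID impersonation.
                    ac.setAuthorized(ac.getAuthenticationID().equals(ac.getAuthorizationID()));
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };
    }

    /** Which of the offered mechanisms the client picks under one policy property, or null if none qualifies. */
    public static String chooseMechanism(String[] offered, String policy) throws SaslException {
        Map<String, String> props = Map.of(policy, "true");
        SaslClient c = Sasl.createSaslClient(offered, null, PROTOCOL, SERVER, props,
                clientHandler("alice", "correct horse".toCharArray()));
        if (c == null) return null;
        try { return c.getMechanismName(); } finally { c.dispose(); }
    }

    /** Runs the full exchange between client and server and returns the authorized identity. */
    public static String authenticate(String user, char[] password) throws SaslException {
        Map<String, String> props = new HashMap<>();
        props.put(Sasl.POLICY_NOPLAINTEXT, "true");   // refuse mechanisms that send the password in clear
        SaslClient client = Sasl.createSaslClient(new String[] { "PLAIN", "CRAM-MD5" },
                null, PROTOCOL, SERVER, props, clientHandler(user, password));
        if (client == null) throw new SaslException("no offered mechanism satisfies the policy");
        SaslServer server = Sasl.createSaslServer(client.getMechanismName(), PROTOCOL, SERVER, props, serverHandler());
        if (server == null) throw new SaslException("no server support for " + client.getMechanismName());
        try {
            System.out.println("negotiated: " + client.getMechanismName());
            // CRAM-MD5 is server-first: the client has no initial response, so the first "response" is empty.
            byte[] response = client.hasInitialResponse() ? client.evaluateChallenge(new byte[0]) : new byte[0];
            while (!server.isComplete()) {
                byte[] challenge = server.evaluateResponse(response); // throws SaslException on a bad credential
                System.out.println("S -> C: " + (challenge == null ? "(complete)" : new String(challenge)));
                if (challenge == null || client.isComplete()) break;
                response = client.evaluateChallenge(challenge);       // "user hex(HMAC-MD5(password, challenge))"
                System.out.println("C -> S: " + new String(response));
            }
            if (!server.isComplete()) throw new SaslException("exchange ended before the server completed");
            return server.getAuthorizationID();
        } finally {
            client.dispose();
            server.dispose();
        }
    }

    public static void main(String[] args) throws SaslException {
        String[] offered = { "PLAIN", "CRAM-MD5" };
        System.out.println("NOPLAINTEXT  -> " + chooseMechanism(offered, Sasl.POLICY_NOPLAINTEXT));
        System.out.println("NODICTIONARY -> " + chooseMechanism(offered, Sasl.POLICY_NODICTIONARY));
        System.out.println("authorized as: " + authenticate("alice", "correct horse".toCharArray()));
        try {
            authenticate("alice", "wrong".toCharArray());
        } catch (SaslException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The policy properties are the selection knob the paragraph refers to: the application states what it will not tolerate (clear-text passwords, anonymous access, dictionary-attackable mechanisms) and the SASL framework picks from the offered list accordingly, so adding a stronger mechanism later means installing its provider, not rewriting the client.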
About the author: Ramesh Nagappan, CISSP, is a Java Technology Architect at Sun Microsystems who specializes in Java distributed computing architectures for mission-critical enterprise applications, Identity assurance and Access Management. Ramesh is the co-author of Core Security Patterns and also three other books on topics related to J2EE, EAI and Web Services. He frequently speaks at industry conferences related to Java, XML and Security. His current technology focus is on Web services security, identity assurance and strong authentication technologies using PKI, smart cards and biometrics.