Policy-based, easily-configurable, fine-grained access control.
When code is loaded, it is assigned "permissions" based on the
security policy currently in effect. Each permission specifies
a permitted access to a particular resource (such as "read" and
"write" access to a specified file or directory, "connect" access
to a given host and port, etc.). The policy, specifying which permissions
are available for code from various signers/locations, can be initialized
from an external configurable policy file. Unless
a permission is explicitly granted to code, it cannot access the resource
that is guarded by that permission.
These new concepts of permission and policy enable the
Java 2 Platform
to offer fine-grain, highly configurable, flexible, and extensible
access control. Such access control can now not only be specified for
applets, but also for all Java code, including applications, beans, and
servlets.
Certificate interfaces for parsing and managing certificates, and
X.509 v3 implementation of the certificate interfaces.
Three new tools: keytool is used to create public/private keys; to
display, import, and export certificates; and to generate
X.509 v1 self-signed certificates. jarsigner signs JAR (Java
Archive Format) files, and verifies the signature(s) of signed JAR files.
policytool creates and modifies the external policy configuration files that define your installation's Java security policy.
Security enhancements for Java
TM 2 SDK, Standard Edition, v 1.3