The book I get is 2nd version, so it's still fresh even author released it in 2001.
The book consists of 15 chapters each of which focuses on one of JAVA security topics. In the following days, I will share my study notes with you guys.
First of all, I list the chapter list here (actually, you could find them around internet easily):
Chapter 1, Java Application Security
Chapter 2, The Default Sandbox
Chapter 3, Java Language Security
Chapter 4, The Security Manager
Chapter 5, The Access Controller
Chapter 6, Java Class Loader
Chapter 7, Introduction to Cryptography
Chapter 8, Security Providors
Chapter 9, Keys and Certificates
Chapter 10, Key Management
Chapter 11, Message Digests
Chapter 12, Digital Signatures
Chapter 13, Cipher-Based Encryption
Chapter 14, SSL and HTTPS
Chapter 15, Authentication and Authorization
If you review above titiles of chapters carefully and are familiar with JAVA Application anatomy, author presents his view along with JAVA topography nodes. Let's recall the whole JAVA anatomy as author did:
--------------------------------------------------------------------------------------------
Remote Class Files Local Class Files
---------------------------------------------------------------------------------------------
Signed Class Files
---------------------------------------------------------------------------------------------
Bytecode Verifier
----------------------------------------------------------------------------------------------
Core API Class Files Class Loader
-----------------------------------------------------------------------------------------------
Security Package Core Java API
-----------------------------------------------------------------------------------------------
main of Security Manager + part of Access Controller
-----------------------------------------------------------------------------------------------
part of Security Manager + main of Access Controller
------------------------------------------------------------------------------------------------
Key Database
------------------------------------------------------------------------------------------------
Operating System
-------------------------------------------------------------------------------------------------
According to the above diagram, to add security logics up in every site of Java implementation is the essential thought of this book. Additionally, sandbox is the critical framework we need to follow. In real cases, the compromise between performance and effectiveness is hardly averted.
So far we browse the overview of this book, I will go on my notes later.