As a language born with the rise of the Internet, Java was designed with security in mind from the outset. How to ensure that a Java program downloaded from the Internet to the local machine is safe, and how to grant a Java program limited, authorized access to local resources: these security considerations have influenced the design and implementation of the Java language from the beginning. It is fair to say that Java's exploration and experience in these areas have had a positive influence on some later languages and products.
This article will introduce the security model in Java and how to use secure access control mechanisms to achieve some specific goals.
The security model in Java
In Java, executing code is divided into two kinds, local and remote. Local code is treated as trusted by default, while remote code is considered untrusted. Trusted local code can access all local resources. For untrusted remote code, security in early Java implementations relied on the sandbox mechanism. The sandbox confines Java code to a specific operating scope within the virtual machine (JVM) and strictly restricts the code's access to the local system's resources, which effectively isolates remote code and prevents damage to the local system, as shown in Figure 1.
Figure 1. JDK 1.0 security model
But such a stringent security mechanism also poses obstacles to extending a program's functionality, for example when users want remote code to access files on the local system. As a result, the subsequent Java 1.1 release improved the security mechanism by adding security policies that allow users to specify the access that code has to local resources, as shown in Figure 2.
Figure 2. JDK 1.1 security model
In Java 1.2, the security mechanism was improved again and code signing was added. Whether code is local or remote, the class loader loads it into the virtual machine in execution spaces with different permissions, according to the user's security policy settings, which achieves differentiated control over code execution rights, as shown in Figure 3.
Figure 3. JDK 1.2 security model
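The Java 1.2 model described above can be seen in the standard `java.security` classes: each piece of code belongs to a `ProtectionDomain` that pairs its origin (`CodeSource`) with the permissions granted to it. The following is an added example, not code from the original article; the class name `DomainDemo`, the helper `domainFor`, the URLs and the file paths are all constructed for illustration, and the permissions are hard-coded here where a real deployment would take them from the user's security policy.

```java
import java.io.FilePermission;
import java.net.URI;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

public class DomainDemo {
    // Hypothetical helper: pair a code origin with the permissions granted to it.
    static ProtectionDomain domainFor(String location, Permission... granted) throws Exception {
        // Unsigned code: no certificates are attached to the code source.
        CodeSource source = new CodeSource(URI.create(location).toURL(), (Certificate[]) null);
        Permissions perms = new Permissions();
        for (Permission p : granted) {
            perms.add(p);
        }
        // Two-argument constructor: the domain holds exactly these static permissions.
        return new ProtectionDomain(source, perms);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample grants: local code may read and write everything under /data,
        // remote code may only read files under /data/public.
        ProtectionDomain local = domainFor("file:/opt/app/app.jar",
                new FilePermission("/data/-", "read,write"));
        ProtectionDomain remote = domainFor("http://downloads.example.com/applet.jar",
                new FilePermission("/data/public/-", "read"));

        // The same access requests are evaluated against each domain.
        Permission[] requests = {
            new FilePermission("/data/public/readme.txt", "read"),
            new FilePermission("/data/public/readme.txt", "write"),
            new FilePermission("/data/private/keys.txt", "read"),
        };
        for (Permission request : requests) {
            System.out.printf("%-45s local=%-5b remote=%b%n",
                    request.getName() + " (" + request.getActions() + ")",
                    local.implies(request), remote.implies(request));
        }
    }
}
```

The example only evaluates `ProtectionDomain.implies`; it does not install a security manager, so nothing is actually enforced at run time.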