Description
Course info
Rating
(87)
Level
Intermediate
Updated
May 13, 2020
Duration
1h 27m
Description

Java security is built around the idea of permissions and policy. Code is granted permissions based on the currently in-force policy. In this course, we look at how the security manager and access controller work hand-in-hand to provide this security. The course covers how to set a security manager and how to set up and edit a policy file to grant the levels of permissions that code needs. Permissions are typically based on where code is loaded from but we also look at how to sign code, so that permissions can be based on who created a library. The course also looks at how the AccessController walk the call stack to check that a permission can be granted. While the JRE comes with a set of permissions, these are not always enough so the class covers creating and using your own permissions. Finally we cover the idea of 'privileged scope' which allows code to be granted some permission even when code around them should cause the grant to fail.

About the author
About the author

Kevin has spent way too many years in the software industry. Starting on PL/1 on IBM mainframes then graduating through dBase IV to Windows and eventually onto Java, .Net and now JavaScript where he finally thinks he has found a home until the next new shiny comes along.

More from the author
Introduction to the Java API for Web Sockets
Intermediate
1h 53m
Jun 5, 2020
Architecting Web Applications with Spring
Intermediate
1h 58m
Jun 2, 2020
More courses by Kevin Jones
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi, everyone. My name is Kevin Jones, and welcome to my course, Understanding the Java virtual Machine: Security. I am a developer and owner at Rock Solid Knowledge, a software development company based in the United Kingdom. One of the original selling points of Java was its code security model and how it allows you to load code from anywhere but limit what that code could do. You can base the security on the location the code was loaded from or on who created the JAR that you are loading. Some of the major topics we'll cover in this course include understanding how the Java SecurityManager and AccessController work together to secure your code, examining how and why the stack is walked when security decisions are made, see the classes involved in code security, and learning how to limit the stack walk if necessary to always allow certain code to run. By the end of this course, you'll understand how Java can limit your code's privileges based on security information. Before beginning the course, you should be familiar with the Java language. I hope you'll join me on this journey to understand code security with the Understanding the Java Virtual Machine Security course, at Pluralsight.

Introduction
[Autogenerated] Hi, everyone. My name is Kevin Jones. Welcome to my course. Understanding the Java virtual machine Security. I am a developer and owner of Rock Solid Knowledge, a software development company based in the United Kingdom. One of the original selling point of Java was its code security model and how it allows you to load code from anywhere that limit what that code could do. You can base the security on the location the code was loaded from on who created the jar that you are loading. Some of the major topics we're covering this course include understanding how the job security manager on access controller work together. Secure your code, examining how and why this stock is walked when security decisions are made. See the class is involved in co security on learning how to limit this stock walk if necessary, to always allow certain co two run By the end of this course, you'll understand. Java can limit your codes privileges based on security information before beginning the course. You should be familiar with the Java language. I hope you'll join me on this journey to understand code security with the understanding that Java virtual machine security course plural site