Security Debugging Java Application Security

The last two items in this list have broad applicability beyond expanding the Java sandbox. With respect to the sandbox, digital signatures play an important role because they provide authentication of who actually provided the Java class. As we'll see, this provides the ability for end users and system administrators to grant very specific privileges to individual classes or signers. But a digital signature might be used for other applications. Let's say that you're deploying a payroll application throughout a large corporation. When an employee sends a request to view his payroll information, you really want to make sure that the request came from that employee rather than from someone else in the corporation. Often, this type of application is secured by a simple password, but a more secure system could require a digitally signed request before it sent out the payroll information.

This list is also a rough outline of the path we'll take through this book. We'll start by looking at the default sandbox and how it can be administered. Following that, we'll look at the details of everything that makes up that sandbox, from the bytecode verifier through the access controller. Then we'll move into the security APIs that allow you to add digital signatures and encryption to your own applications.

1.4 Security Debugging

The Java security packages include debugging code that you can enable via a system property. The property in question is java.security.debug, and it may be set to the following values:

all
    Turn on all the debugging options.

access
    Trace all calls to the checkPermission method of the access controller. This allows you to see which permissions your code is requesting, which calls are succeeding, and which ones are failing. This option has the following sub-options. If no sub-option is specified, then all are in force:

    stack
        Dump the stack every time a permission is checked.

    failure
        Dump the stack only when a permission is denied.

    domain
        Dump the protection domain in force when a protection is checked.

jar
    When processing a signed jar file, print the signatures in the file, their certificates, and the classes to which they apply.

policy
    Print information about policy files as they are parsed, including their location in the filesystem, the permissions they grant, and the certificates they use for signed code.

scl
    Print information about the permissions granted directly by a secure class loader rather than granted through a policy file.

These options should be given as a comma-separated list including the sub-options for the access option. For example, to see the permissions granted by the secure class loader and see a stack trace when a permission check fails, you would specify -Djava.security.debug=scl,access,failure on the command line.

JSSE extends this facility by consulting the javax.net.debug property for the following options:

all
    Turn on all options and sub-options.

ssl
    Turn on SSL debugging. This option has the following sub-options, all of which are in force if none are specified:

    record
        Print a trace of each SSL record at the SSL protocol level.

    handshake
        Print each handshake message as it is received.

    keygen
        Print key generation data for the secret key exchange.

    session
        Print SSL session activity.

    defaultctx
        Print the default SSL initialization information.

    sslctx
        Print information about the SSL context.

    sessioncache
        Print information about the SSL session cache.

    keymanager
        Print information about calls to the key manager.

    trustmanager
        Print information about calls to the trust manager.

    data
        For handshake tracing, print out a hex dump of each message.

    verbose
        For handshake tracing, print out verbose information.

    plaintext
        For record tracing, print out a hex dump of the record.

As you progress through the samples in the book, you can turn various options on in order to see more information about what's going on.
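The following small program gives the access option something to trace. It is an added example, not code from the book, and probes three permissions through the access controller so that both allowed and denied checks appear in the debug output. The class name, the probe list and the file path are constructed for illustration, and it assumes a JDK that still supports the security manager (releases before JDK 24) with the default policy file.

```java
import java.io.FilePermission;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.util.PropertyPermission;

// Added example (hypothetical class name). Run it inside the default sandbox
// with the debug options described above, for instance:
//   java -Djava.security.manager -Djava.security.debug=access,failure AccessDebugDemo
// Replace "access,failure" with "access,stack" or "access,domain" to compare
// what each sub-option adds to the trace.
public class AccessDebugDemo {
    public static void main(String[] args) {
        Permission[] probes = {
            // Assumption: the default policy file grants read access to java.version.
            new PropertyPermission("java.version", "read"),
            // Assumption: the default policy file does not grant user.home.
            new PropertyPermission("user.home", "read"),
            // Constructed path; file writes are not granted by the default policy.
            new FilePermission("/tmp/constructed-example.txt", "write"),
        };

        for (Permission p : probes) {
            try {
                // Each call is one checkPermission invocation that the
                // access option traces on standard error.
                AccessController.checkPermission(p);
                System.out.println("granted: " + p);
            } catch (AccessControlException e) {
                // With the failure sub-option, the stack is dumped only for
                // checks that end up here.
                System.out.println("denied:  " + e.getPermission());
            }
        }
    }
}
```

Comparing the program's own granted/denied lines with the trace shows which policy grant, or missing grant, decided each check.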

1.5 Summary