About Me
Oracle Certified Professional Java SE 11 Developer
1 Java Fundamentals
1-1 Java Basics
1-1 1 Java Platform Overview
1-1 2 Java Development Environment
1-1 3 Java Program Structure
1-1 4 Java Virtual Machine (JVM)
1-1 5 Java Development Kit (JDK)
1-1 6 Java Runtime Environment (JRE)
1-2 Object-Oriented Programming (OOP) Concepts
1-2 1 Classes and Objects
1-2 2 Inheritance
1-2 3 Polymorphism
1-2 4 Encapsulation
1-2 5 Abstraction
1-2 6 Interfaces
1-2 7 Abstract Classes
1-3 Data Types and Variables
1-3 1 Primitive Data Types
1-3 2 Reference Data Types
1-3 3 Variable Declaration and Initialization
1-3 4 Type Conversion and Casting
1-3 5 Arrays
1-4 Control Flow
1-4 1 Conditional Statements (if, else, switch)
1-4 2 Looping Constructs (for, while, do-while)
1-4 3 Break and Continue Statements
1-4 4 Exception Handling
2 Java Collections Framework
2-1 Collections Overview
2-1 1 Collection Interfaces
2-1 2 Collection Classes
2-1 3 Collection Algorithms
2-2 Lists
2-2 1 ArrayList
2-2 2 LinkedList
2-2 3 List Operations
2-3 Sets
2-3 1 HashSet
2-3 2 TreeSet
2-3 3 LinkedHashSet
2-4 Maps
2-4 1 HashMap
2-4 2 TreeMap
2-4 3 LinkedHashMap
2-5 Queues and Deques
2-5 1 PriorityQueue
2-5 2 ArrayDeque
3 Java Streams and Lambda Expressions
3-1 Lambda Expressions
3-1 1 Lambda Syntax
3-1 2 Functional Interfaces
3-1 3 Method References
3-2 Streams
3-2 1 Stream Creation
3-2 2 Intermediate Operations
3-2 3 Terminal Operations
3-2 4 Parallel Streams
4 Java Concurrency
4-1 Threads
4-1 1 Thread Creation
4-1 2 Thread States
4-1 3 Thread Synchronization
4-1 4 Thread Communication
4-2 Concurrency Utilities
4-2 1 Executor Framework
4-2 2 Concurrent Collections
4-2 3 Atomic Variables
4-2 4 Locks
5 Java IO and NIO
5-1 Input and Output Streams
5-1 1 Byte Streams
5-1 2 Character Streams
5-1 3 Buffered Streams
5-2 File IO
5-2 1 File Class
5-2 2 FileReader and FileWriter
5-2 3 FileInputStream and FileOutputStream
5-3 NIO (New IO)
5-3 1 Path Interface
5-3 2 Files Class
5-3 3 Channels and Buffers
5-3 4 Asynchronous IO
6 Java Date and Time API
6-1 Date and Time Classes
6-1 1 LocalDate
6-1 2 LocalTime
6-1 3 LocalDateTime
6-1 4 ZonedDateTime
6-2 Period and Duration
6-2 1 Period Class
6-2 2 Duration Class
6-3 Time Zones and Calendars
6-3 1 TimeZone Class
6-3 2 Calendar Class
7 Java Modules
7-1 Module System Overview
7-1 1 Module Declaration
7-1 2 Module Path
7-1 3 Module Dependencies
7-2 Module Resolution
7-2 1 Automatic Modules
7-2 2 Named Modules
7-2 3 Unnamed Modules
7-3 Module Services
7-3 1 Service Provider Interface (SPI)
7-3 2 ServiceLoader Class
8 Java Security
8-1 Security Basics
8-1 1 Security Manager
8-1 2 Permissions
8-1 3 Policy Files
8-2 Cryptography
8-2 1 Key Generation
8-2 2 Encryption and Decryption
8-2 3 Digital Signatures
8-3 Secure Coding Practices
8-3 1 Input Validation
8-3 2 Secure Communication
8-3 3 Authentication and Authorization
9 Java Networking
9-1 Networking Basics
9-1 1 InetAddress Class
9-1 2 URL and URLConnection Classes
9-2 Sockets
9-2 1 Socket Class
9-2 2 ServerSocket Class
9-2 3 DatagramSocket Class
9-3 Networking Protocols
9-3 1 TCPIP
9-3 2 UDP
9-3 3 HTTP
10 Java Database Connectivity (JDBC)
10-1 JDBC Basics
10-1 1 JDBC Architecture
10-1 2 JDBC Drivers
10-1 3 Establishing a Connection
10-2 Executing SQL Statements
10-2 1 Statement Interface
10-2 2 PreparedStatement Interface
10-2 3 CallableStatement Interface
10-3 ResultSet
10-3 1 ResultSet Interface
10-3 2 ResultSetMetaData Interface
10-4 Transaction Management
10-4 1 Commit and Rollback
10-4 2 Savepoints
11 Java Annotations
11-1 Annotation Basics
11-1 1 Annotation Types
11-1 2 Meta-Annotations
11-1 3 Annotation Processing
11-2 Standard Annotations
11-2 1 @Override
11-2 2 @Deprecated
11-2 3 @SuppressWarnings
11-3 Custom Annotations
11-3 1 Annotation Creation
11-3 2 Annotation Usage
12 Java Reflection
12-1 Reflection Basics
12-1 1 Class Class
12-1 2 Field Class
12-1 3 Method Class
12-2 Dynamic Class Loading
12-2 1 ClassLoader Class
12-2 2 Dynamic Proxy
12-3 Reflection API
12-3 1 Accessing Class Members
12-3 2 Modifying Class Members
13 Java Internationalization (I18N)
13-1 I18N Basics
13-1 1 Locale Class
13-1 2 ResourceBundle Class
13-2 Formatting
13-2 1 NumberFormat Class
13-2 2 DateFormat Class
13-2 3 MessageFormat Class
13-3 Character Encoding
13-3 1 Charset Class
13-3 2 String Encoding and Decoding
14 Java Platform Module System (JPMS)
14-1 Module System Overview
14-1 1 Module Declaration
14-1 2 Module Path
14-1 3 Module Dependencies
14-2 Module Resolution
14-2 1 Automatic Modules
14-2 2 Named Modules
14-2 3 Unnamed Modules
14-3 Module Services
14-3 1 Service Provider Interface (SPI)
14-3 2 ServiceLoader Class
15 Java 11 New Features
15-1 New String Methods
15-1 1 isBlank()
15-1 2 lines()
15-1 3 repeat()
15-2 New File Methods
15-2 1 writeString()
15-2 2 readString()
15-3 Local-Variable Syntax for Lambda Parameters
15-3 1 var Keyword in Lambda Expressions
15-4 HTTP Client API
15-4 1 HttpClient Class
15-4 2 HttpRequest Class
15-4 3 HttpResponse Class
15-5 Nest-Based Access Control
15-5 1 Nest Host and Nest Members
15-5 2 Nest Access Control
15-6 Epsilon Garbage Collector
15-6 1 Epsilon GC Overview
15-6 2 Epsilon GC Use Cases
15-7 Flight Recorder
15-7 1 Flight Recorder Overview
15-7 2 Flight Recorder Use Cases
15-8 Application Class-Data Sharing (CDS)
15-8 1 CDS Overview
15-8 2 CDS Use Cases
15-9 Deprecations and Removals
15-9 1 Deprecated Features
15-9 2 Removed Features
8.1.1 Security Manager Explained

8.1.1 Security Manager Explained

The Security Manager in Java is a crucial component that enforces security policies within a Java application. It acts as a gatekeeper, controlling access to system resources and ensuring that only authorized operations are performed. Understanding the Security Manager is essential for developing secure Java SE 11 applications.

Key Concepts

1. Security Manager Definition

The Security Manager is a class in the Java API that allows applications to implement a security policy. It intercepts potentially harmful operations and checks whether they are permitted according to the defined security policy.

Example

        System.setSecurityManager(new SecurityManager());

2. Security Policy

A security policy is a set of rules that define what actions are allowed or denied within a Java application. These rules are typically defined in a policy file and are enforced by the Security Manager.

Example

        grant {
            permission java.io.FilePermission "/tmp/*", "read,write";
        };

3. Permissions

Permissions are the building blocks of a security policy. They represent specific actions that can be performed, such as reading a file, writing to a file, or accessing a network resource. Permissions are granted or denied based on the security policy.

Example

        permission java.net.SocketPermission "localhost:1024-", "connect,resolve";

4. CheckPermission Method

The checkPermission method is a key method in the Security Manager that determines whether a specific action is allowed. It throws a SecurityException if the action is not permitted.

Example

        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(new FilePermission("/tmp/test.txt", "read"));
        }

5. Custom Security Manager

Developers can create custom Security Manager implementations to enforce application-specific security policies. This allows for fine-grained control over security checks and can be tailored to the specific needs of the application.

Example

        public class CustomSecurityManager extends SecurityManager {
            @Override
            public void checkPermission(Permission perm) {
                if ("read".equals(perm.getActions()) && "/tmp/secret.txt".equals(perm.getName())) {
                    throw new SecurityException("Access denied");
                }
            }
        }

Examples and Analogies

Think of the Security Manager as a bouncer at a nightclub. The bouncer (Security Manager) enforces the club's rules (security policy) and decides who can enter (permissions). If someone tries to enter without permission, the bouncer stops them. Similarly, the Security Manager stops unauthorized operations in a Java application.

By mastering the Security Manager, you can ensure that your Java SE 11 applications are secure, protecting sensitive resources and preventing unauthorized access.

© 2024 Ahmed Baheeg Khorshid. All rights reserved.