Java SE Security

Java security technology includes a large set of APIs, tools, and implementations of commonly used security algorithms, mechanisms, and protocols. The Java security APIs span a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control. Java security technology provides the developer with a comprehensive security framework for writing applications, and also provides the user or administrator with a set of tools to securely manage applications.

Java SE Security Documentation: Java SE 8 | Java SE 7 | Java SE 6 | J2SE 5.0

Other Resources:

Secure Coding Guidelines
(Updated for Java SE 8)
Including CA Root certificates in Java SE
Critical Patch Updates & Security Alerts
Java Security Forums
Archived:
JAAS, JCE, and JSSE Optional packages

Java SE Security Overview

Underlying the Java SE Platform is a dynamic, extensible security architecture, standards-based and interoperable. Security features — cryptography, authentication and authorization, public key infrastructure, and more — are built in. The Java security model is based on a customizable "sandbox" in which Java software programs can run safely, without potential risk to systems or users.

The table below describes each security feature in more detail and points you to resources with more information.

See the Java SE 8 Security Documentation for further information on the security features and changes for the current release.

High-level Features	Low-level Features	Benefits	References
Platform Security	Built-in language security features enforced by the Java compiler and virtual machine: Strong data typing Automatic memory management Bytecode verification Secure class loading	Provides a safe and secure platform for developing and running applications. Compile-time data type checking and automatic memory management leads to more robust code and reduces memory corruption and vulnerabilities. Bytecode verification ensures code conforms to the JVM specification and prevents hostile code from corrupting the runtime environment. Class loaders ensure that untrusted code cannot interfere with the running of other Java programs.	The Java Language Specification
Cryptography	Comprehensive API with support for a wide range of cryptographic services including digital signatures, message digests, ciphers (symmetric, asymmetric, stream & block), message authentication codes, key generators and key factories Support for a wide range of standard algorithms including RSA, DSA, AES, Triple DES, SHA, PKCS#5, RC2, and RC4. PKCS#11 cryptographic token support	Provides an extensible, full featured API for building secure applications: Algorithm and implementation independent Provider-based (pluggable) architecture	Java Cryptography Architecture(JCA) (includes the Java Cryptographic Extension (JCE))
Authentication and Access Control	Abstract authentication APIs that can incorporate a wide range of login mechanisms through a pluggable architecture. A comprehensive policy and permissions API that allows the developer to create and administer applications requiring fine-grained access to security-sensitive resources.	Enables single sign-on of multiple authentication mechanisms and fine-grained access to resources based on the identity of the user or code signer. Recent support (in JDK 5) for timestamped signatures makes it easier to deploy signed code by avoiding the need to re-sign code when the signer's certificate expires.	Java Security Architecture Java Authentication and Authorization Service (JAAS) Policy Implementation and Syntax Signature Timestamp Support
Secure Communications	APIs and implementations for the following standards-based secure communications protocols: Transport Layer Security (TLS), Secure Sockets Layer (SSL), Kerberos (accessible through GSS-API), and the Simple Authentication and Security Layer (SASL). Full support for HTTPS over SSL/TLS is also included.	Authenticates peers over an untrusted network and protects the integrity and privacy of data transmitted between them.	Java Secure Socket Extension (JSSE) Java GSS-API (JGSS) Java SASL API
Public Key Infrastructure (PKI)	Tools for managing keys and certificates and comprehensive, abstract APIs with support for the following features and algorithms: Certificates and Certificate Revocation Lists (CRLs): X.509 Certification Path Validators and Builders: PKIX (RFC 3280), On-line Certificate Status Protocol (OCSP) KeyStores: PKCS#11, PKCS#12 Certificate Stores (Repositories): LDAP, java.util.Collection	Eases the development and deployment of complex PKI applications. Recent support (in JDK 5) for OCSP provides a more scalable and timely method for applications to check certificate revocation status.	X.509 Certificate and Certificate Revocations Lists (CRLs) Java CertPath API On-Line Certificate Status Protocol (OCSP) Java PKCS#11 Reference Guide

	Java SDKs and Tools
Java SE Java EE and Glassfish Java ME Java Card NetBeans IDE Java Mission Control

	Java Resources
Java APIs Technical Articles Demos and Videos Forums Java Magazine Java.net Developer Training Tutorials Java.com

E-mail this page

Printer View

Oracle Cloud

Java

Customers and Events

Email Subscriptions

Subscription Center

Communities

Services and Store

Log In to My Oracle Support
Training and Certification
Become a Partner
Find a Partner Solution
Purchase from the Oracle Store
Source Code for Open Source Software
Contact and Chat
US Sales: +1.800.633.0738
Global Contacts
Oracle Support
Partner Support

Products

Solutions

Downloads

Store

Support

Training

Partners

About

OTN

Java SE Security

At a Glance

Core

Database

Desktop

Accessibility

Security

Tools

Web Services

Java SE Security

Oracle Cloud

Java

Customers and Events

Email Subscriptions

Communities

Services and Store

Contact and Chat

Integrated Cloud Applications and Platform Services