Microsoft SDK for Java

Trust-Based Security for Java

Trust-based security for Java provides a flexible, easy-to-use security system. The permission model controls what a Java class can do by associating a set of permissions with that class. Encoding the requested permission set in the digital signature lets the Microsoft VM present the end user with a dialog box listing those permissions, so the user can decide whether to trust the applet before it runs.

Administrators can make preliminary security decisions for predefined zones, which spares end users many tedious security decisions. Permission scoping prevents untrusted classes from taking advantage of the expanded permissions of trusted classes, and lets developers decide which parts of their trusted code enable a particular permission. Finally, package management allows local installation of components that are not fully trusted, so that those components receive expanded permissions but not unlimited power.

The following topics describe the implementation of each feature of the trust-based security system:

Security Zones that allow related sites (such as all sites on a company intranet) to be administered as a group.

Permission Model that integrates with security zones to provide parameterized control over what Java classes can do.

Permission Signing that allows a signed cabinet file to specify not only the identity of the signer but also the set of permissions being requested for the signed classes.

Permission Scoping that enables a developer who designs a trusted class to precisely limit the range of code for which a granted permission is enabled.

Package Manager that allows classes to be installed with their permissions.

User Interface that simplifies or eliminates the decisions that end users must make.

© 1999 Microsoft Corporation. All rights reserved. Terms of use.