Developer's Guide to Web Application Security

In this chapter, we saw how Java addresses the five tenets of security: containment, authorization, authentication, encryption, and auditing. Java is very strong in some areas of security, especially containment. It is apparent that Sun's first priority was building an environment that protects Java users from potential harm. It was this focus on security that led Sun to include the Java Authentication and Authorization Service, the Java Cryptography Extension, and the Java Secure Socket Extension in the latest versions.
Let's review the mechanisms Java uses to provide security. Containment is achieved using a security manager and a policy file. This technology allows fine-grained control over which system resources a Java application may access. Authentication is achieved primarily by using digital signatures. These signatures are also used in certificates, such as X.509 certificates, and for JAR signing. Authorization is implemented by combining containment and authentication. With authorization, we are concerned with granting particular individuals access to particular resources. Authentication allows us to identify the individual, and containment allows us to specify which resources that individual has access to. Java also has an excellent encryption API; it is easy to implement encryption using the JCE.
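As an added illustration of the containment mechanism described above (not from the original chapter), here is a least-privilege policy file for a hypothetical application whose code lives under /opt/app/lib; the code base path, the data directory, the database host and port, and the main class name are all assumptions chosen for the example.

```text
// app.policy (constructed example): grant only what the application needs.
// Run with the security manager enabled and this file as the ONLY policy:
//   java -Djava.security.manager -Djava.security.policy==/etc/app/app.policy \
//        -cp /opt/app/lib/app.jar com.example.Main
// The double "==" replaces the JVM's default policy instead of adding to it.

// Permissions are tied to the code base, so a class loaded from anywhere
// else (e.g. a dropped-in JAR in /tmp) receives no permissions at all.
grant codeBase "file:/opt/app/lib/-" {
    // Read-only access to the application's own data tree; no write,
    // delete or execute, and nothing outside /var/app/data.
    permission java.io.FilePermission "/var/app/data/-", "read";

    // Outbound connections only to the database, only on its port.
    // "connect" implies "resolve"; no "listen" or "accept".
    permission java.net.SocketPermission "db.example.internal:5432", "connect";

    // Read a single system property rather than "*".
    permission java.util.PropertyPermission "user.timezone", "read";
};

// No grant block for other code bases: anything else is denied.
// Anything denied surfaces as java.security.AccessControlException,
// which is worth logging for the auditing tenet.
```

Note that the security manager this relies on has been deprecated for removal since JDK 17 (JEP 411), so this approach applies to the JVM versions the chapter describes and to legacy deployments.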
You may have also formed your own opinions about the role security should play in an application. Maybe it doesn't seem worth it to implement in some cases. High-profile companies and governments will definitely want to use the highest level of security offered, but if you are using Java...