Java security

This topic provides details on adopted authority and explains how you can use SSL to make socket streams secure in your Java™ application.

Java applications are subject to the same security restrictions as any other program on an iSeries™ server. To run a Java program on an iSeries server, you must have authority to the class file in the integrated file system. Once the program starts, it runs under the user's authority.

You can use adopted authority to access objects with the authority of the user that is running the program, and the program owner's authority. Adopted authority temporarily gives a user authority to objects that they would not have originally had authority to access. See the Create Java Program (CRTJVAPGM) command information for details on the two new adopted authority parameters, which are USRPRF and USEADPAUT.

The majority of the Java programs that run on an iSeries server are applications, not applets, so the "sandbox" security model does not restrict them.

Note: For J2SDK, version 1.4 and subsequent releases, JAAS, JCE, JGSS, and JSSE are part of the base JDK and are not considered to be extensions. For previous JDK versions, these security items are extensions.

• Java security model
  You can download Java applets from any system; thus, security mechanisms exist within the Java virtual machine to protect against malicious applets. The Java runtime system verifies the bytecodes as the Java virtual machine loads them. This ensures that they are valid bytecodes and that the code does not violate any of the restrictions that the Java virtual machine places on Java applets.
• Java Cryptography Extension
  The Java Cryptography Extension (JCE) 1.2 is a standard extension to the Java 2 Software Development Kit (J2SDK), Standard Edition. The JCE implementation on an iSeries server is compatible with the implementation of Sun Microsystems, Inc. This documentation covers the unique aspects of the iSeries implementation.
• Java Secure Socket Extension
  The Java Secure Socket Extension (JSSE) is the Java implementation of the Secure Sockets Layer (SSL) protocol. JSSE uses SSL and the Transport Layer Security (TLS) protocol to enable clients and servers to conduct secure communications over TCP/IP.
• Java Authentication and Authorization Service
  The Java Authentication and Authorization Service (JAAS) is a standard extension to the Java 2 Software Development Kit (J2SDK), Standard Edition. J2SDK provides access controls that are based on where the code originated and who signed the code (code source-based access controls). It lacks, however, the ability to enforce additional access controls based on who runs the code. JAAS provides a framework that adds this support to the Java 2 security model.
• IBM Java Generic Security Service (JGSS)
  The Java Generic Security Service (JGSS) provides a generic interface for authentication and secure messaging. Under this interface you can plug a variety of security mechanisms based on secret-key, public-key, or other security technologies.