The Artima Developer Community
Sponsored Link

The Security Manager
The Authority that Can Restrict the Activities of Java Code
by Bill Venners
First Published in JavaWorld, October 1997

<<  Page 3 of 3


The security manager contributes to the JVM's security model by establishing a custom security policy for Java applications. For the security policy to be "bullet proof," both the Java API and the security manager itself must be implemented properly. A bug in either of these can result in a security hole that malicious programmers could exploit.

The customizable nature of the security manager is one of the strengths of Java's security architecture. The security manager's "check" methods are just Java code, so you are free to decide the exact circumstances in which your application will permit potentially unsafe actions. If you can express an algorithm in Java code as a "check" method of the security manager, that algorithm can be part of your application's custom security policy.


About the author
Bill Venners has been writing software professionally for 12 years. Based in Silicon Valley, he provides software consulting and training services under the name Artima Software Company. Over the years he has developed software for the consumer electronics, education, semiconductor, and life insurance industries. He has programmed in many languages on many platforms: assembly language on various microprocessors, C on Unix, C++ on Windows, Java on the Web. He is author of the book: Inside the Java Virtual Machine, published by McGraw-Hill. Reach Bill at

This article was first published under the name Java Security: How to Install the Security Manager and Customize Your Security Policy in JavaWorld, a division of Web Publishing, Inc., October 1997.

<<  Page 3 of 3

Sponsored Links

Copyright © 1996-2018 Artima, Inc. All Rights Reserved. - Privacy Policy - Terms of Use