
The Java™ Tutorials

Trail: Security Features in Java SE

In this trail you'll learn how the built-in Java™ security features protect you from malevolent programs. You'll see how to use tools to control access to resources, to generate and to check digital signatures, and to create and to manage keys needed for signature generation and checking. You'll also see how to incorporate cryptography services, such as digital signature generation and checking, into your programs.

The security features provided by the Java Development Kit (JDK™) are intended for a variety of audiences:


Note: For developers that want to create applets and Java Web Start applications, see Java Applets for security information.

Trail Lessons

Creating a Policy File shows how resource accesses can be controlled by a policy file. For the latest information on policy configuration files, see the Policy Guide page.

Quick Tour of Controlling Applications builds on the previous lesson, showing how resource accesses, such as reading or writing a file, are not permitted for applications that are run under a security manager unless explicitly allowed by a permission in a policy file.

API and Tools Use for Secure Code and File Exchanges defines digital signatures, certificates, and keystores and discusses why they are needed. It also reviews information applicable to the next three lessons regarding the steps commonly needed for using the tools or the API to generate signatures, export/import certificates, and so on.

Signing Code and Granting It Permissions illustrates the use of all the security-related tools. It shows the steps that a developer would take to sign and to distribute code for others to run. The lesson also shows how someone who will run the code (or a system administrator) could add an entry in a policy file to grant the code permission for the resource accesses it needs.

Exchanging Files shows use of the tools by one person to sign an important document, such as a contract, and to export the public key certificate for the public key corresponding to the private key used to sign the contract. Then the lesson shows how another person, who receives the contract, the signature, and the public key certificate, can import the certificate and verify the signature.

Generating and Verifying Signatures walks you step by step through an example of writing a Java program using the JDK Security API to generate keys, to generate a digital signature for data using the private key, and to export the public key and the signature to files. Then the example shows writing a second program, which may be expected to run on a different person's computer, that imports the public key and verifies the authenticity of the signature. Finally, the example discusses potential weaknesses of the approach used by the basic programs and demonstrates possible alternative approaches and methods of supplying and importing keys, including in certificates.

Implementing Your Own Permission demonstrates how to write a class that defines its own special permission.

For More Information

JDK security release documentation can be found at the Security guides page. This index page lists Specifications which present detailed information about latest security features, including architecture specifications, usage guides, API documentation, and tool documentation.

