Java provides a robust security platform that makes it easy for Java developers to develop secure Java applications. But Java security is a difficult topic to prepare for or master for Java programming interviews. Java security is a huge and complex topic, with security features available at different levels and layers of the platform. Often, when you are preparing for a Java interview, it is difficult even to figure out where to begin.
This post makes it a little easier by structuring the Java security interview questions into JVM-specific security questions, Java API-specific security questions, and common security plug-in interview questions.
Security is provided by the Java platform through a number of mechanisms.
Secure environment - Java programs run in a secure and restricted environment. The level of access that a Java program has to important system resources can be restricted based on the trustworthiness of the program.
Java language features - The Java programming language provides a number of built-in features, such as automatic memory management, garbage collection, and array and string range checking, which enhance the security of a Java application.
JVM features - The JVM is designed to provide a secure environment for Java applications to run in. Bytecode verifiers ensure that only legitimate and valid Java bytecodes are executed by the JVM. Java class loaders ensure that only legitimate and secure Java class files, which do not interfere with the running of other Java programs, are loaded into the JVM. Access to important resources is provided through the JVM, and is pre-checked by the SecurityManager class, which enforces the access restrictions that apply to a specific resource.
Plugins - Additional security features can be plugged into the platform and used by Java programs.
Security has been an integral part of the Java platform since its introduction.
Java 1.0.x - Java started with a security model commonly known as the sandbox security model. In this model, all Java programs run locally are considered trusted and can access local resources. Java applets, which are downloaded over the network, are considered untrusted and cannot access resources beyond the sandbox. Access to resources is mediated through the SecurityManager class.
Java 1.1.x - Java 1.1.x introduced the concept of 'signed applets', which allowed downloading and running Java applets as trusted code after verifying the applet signer's information.
Java 2 (J2SE) - The Java 2 platform provided significant changes and enhancements to security.
The Java programming language has several inherent features that contribute to the security of a Java application.
*** See complete answer in the Java Interview Guide.
The Java API provides the java.security.Permission class, which represents access to system resources such as files and sockets, and is a core part of the Java security platform.
A number of specific permission classes, such as FilePermission, AWTPermission and SocketPermission, are subclasses of the java.security.Permission class.
Protection domains are groups of classes having the same permissions. Classes are grouped into protection domains, and...
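How a requested permission is matched against granted ones, as an added example that is not part of the original post. The class name, the Unix-style paths and the property names are constructed for illustration; the example uses only Permission.implies() and the java.security.Permissions collection, and adds java.util.PropertyPermission, another Permission subclass not named above.

```java
import java.io.FilePermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.PropertyPermission;

// Added illustration (hypothetical class name): evaluates requests against a set of grants.
public class PermissionImpliesDemo {

    // Constructed sample grants for a hypothetical application.
    static Permissions sampleGrants() {
        Permissions granted = new Permissions();
        // Trailing "-" covers the directory's contents recursively; only "read" is granted.
        granted.add(new FilePermission("/opt/app/data/-", "read"));
        // Trailing "*" covers direct children of the directory only, not subdirectories.
        granted.add(new FilePermission("/opt/app/logs/*", "read,write"));
        // Wildcard property name; only "read" is granted.
        granted.add(new PropertyPermission("app.*", "read"));
        return granted;
    }

    // A request is allowed only if some granted permission implies both its target and its actions.
    static boolean isAllowed(Permissions granted, Permission requested) {
        return granted.implies(requested);
    }

    static void report(Permissions granted, Permission requested) {
        System.out.printf("%-5s %s%n", isAllowed(granted, requested) ? "ALLOW" : "DENY", requested);
    }

    public static void main(String[] args) {
        Permissions granted = sampleGrants();

        // Nested path under the recursive grant, with the granted action.
        report(granted, new FilePermission("/opt/app/data/2024/report.csv", "read"));
        // Same path, but an action that was never granted on it.
        report(granted, new FilePermission("/opt/app/data/2024/report.csv", "write"));
        // Direct child of the logs directory.
        report(granted, new FilePermission("/opt/app/logs/app.log", "write"));
        // One level deeper than the "*" grant reaches.
        report(granted, new FilePermission("/opt/app/logs/archive/old.log", "read"));
        // Path outside every granted directory.
        report(granted, new FilePermission("/etc/passwd", "read"));
        // Property name matching the wildcard, first with the granted action, then without.
        report(granted, new PropertyPermission("app.region", "read"));
        report(granted, new PropertyPermission("app.region", "write"));
        // Property name outside the wildcard.
        report(granted, new PropertyPermission("user.home", "read"));
    }
}
```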
The Java programming API provides the java.lang.SecurityManager class, which mediates access to all resources. The SecurityManager class has a number of check() methods which determine if a class can access a specific resource. For example ...
Key classes related to security are provided by the Java programming API in the java.security.* package...