| CONTENTS | PREV | NEXT |
Java SE Platform Security Architecture Specification v0.1 was drafted on March 12, 1997.
Revision 0.2 on March 27, 1997
Revision 0.3 on March 31, 1997
Revision 0.4 on June 3, 1997. Reflected changes in design and implementation based on comments and feedbacks of revision 0.3. Introduced SignedObject.
Revision 0.5 on July 10, 1997. Major reorganization. It now includes a detailed syntax and semantics for policy and permissions. The class java.lang.SecurityManager is changed from abstract to concrete, with a default implementation.
Revision 0.6 on September 3, 1997. Reorganized sections under clearer headings. Syntactical changes to policy file format, including adding an optional signer field to each permission entry. Introduced GuardedObject class and Guard interface. The Permission class is now Serializable and implements the Guard interface. Added a new AccessControlContext class that helps cross-thread access control decision making. Gave descriptions of keytool, policytool, and jarsigner. Revised Acknowledgements.
Revision 0.7 on October 1, 1997. Added description of a feature that automatically makes a new thread, at its creation time, inherit the parent thread's security context so that access control checking in the new child thread considers both the first current context and also the inherited context.
Revision 0.8 on March
9, 1998. The previously package private class
java.security.ProtectionDomain is now made public, and suitable
get, set, and define methods
to use this class are added in java.lang.Class and
java.security.SecureClassLoader. The class
java.security.SignedObject is now immutable. Introduced a new class
java.security.UnresolvedPermission. Added new method
SecurityManager.checkPermission that, by default,
invokes AccessController.checkPermission. Syntax
change for FilePermission in the case of "*", "-",
and introduced "<<ALL FILES>>". Other minor
additions and changes, including two new options for jarsigner.
Revised Acknowledgements.
Revision 0.9 on June
10, 1998. Some permission names have been modified to make
permission naming clearer and more consistent. Added sections for
Permission classes not previously documented herein. The
evaluate method in Policy has been renamed
getPermissions. Class.setProtectionDomain
no longer exists. Corrected "file:" URL examples. The
"-usepolicy" command-line argument for the "java"
command has been replaced by "-Djava.security.manager" and
"-Djava.security.policy". Updated command lists for the
keytool and jarsigner tools. The AccessController
beginPrivileged and endPrivileged methods
have been replaced by the doPrivileged method.
Revision 1.0 on October 2, 1998. Updated description of the class loading mechanism with a new chapter. Rearranged some chapters and sections.
Revision 1.1 on December 20, 2000. Updated the document to reflect the new Policy and ProtectionDomain updates to support dynamic policies. Also added updates for the integration of the Java Authentication and Authorization Service (JAAS) into the core SDK. New policy syntax was described and examples were added.
Revision 1.2 (the
current version) on March 22, 2002. Added notes on
KeyStore Alias Replacement including an example of a
grant statement with KeyStore alias replacement. Added
new section 3.3 explaining generalized expansion in policy files
including examples.
