| CONTENTS | PREV | NEXT |
Java SE Platform Security Architecture Specification v0.1 was drafted on March 12, 1997.
Revision 0.2 on March 27, 1997
Revision 0.3 on March 31, 1997
Revision 0.4 on June 3, 1997. Reflected changes in design and implementation based on comments and feedbacks of revision 0.3. Introduced SignedObject.
Revision 0.5 on July 10, 1997. Major reorganization. It now includes a detailed syntax and semantics for policy and permissions. The class java.lang.SecurityManager is changed from abstract to concrete, with a default implementation.
Revision 0.6 on September 3, 1997. Reorganized sections under clearer headings. Syntactical changes to policy file format, including adding an optional signer field to each permission entry. Introduced GuardedObject class and Guard interface. The Permission class is now Serializable and implements the Guard interface. Added a new AccessControlContext class that helps cross-thread access control decision making. Gave descriptions of keytool, policytool, and jarsigner. Revised Acknowledgements.
Revision 0.7 on October 1, 1997. Added description of a feature that automatically makes a new thread, at its creation time, inherit the parent thread's security context so that access control checking in the new child thread considers both the first current context and also the inherited context.
Revision 0.8 on March 9, 1998. The
previously package private class java.security.ProtectionDomain is
now made public, and suitable get, set,
and define methods to use this class are added in
java.lang.Class and java.security.SecureClassLoader. The class
java.security.SignedObject is now immutable. Introduced a new class
java.security.UnresolvedPermission. Added new method
SecurityManager.checkPermission that, by default,
invokes AccessController.checkPermission. Syntax
change for FilePermission in the case of "*", "-",
and introduced "<<ALL FILES>>". Other minor
additions and changes, including two new options for jarsigner.
Revised Acknowledgements.
Revision 0.9 on June 10, 1998. Some
permission names have been modified to make permission naming
clearer and more consistent. Added sections for Permission classes
not previously documented herein. The evaluate method
in Policy has been renamed getPermissions.
Class.setProtectionDomain no longer exists. Corrected
"file:" URL examples. The "-usepolicy" command-line
argument for the "java" command has been replaced by
"-Djava.security.manager" and
"-Djava.security.policy". Updated command lists for the
keytool and jarsigner tools. The AccessController
beginPrivileged and endPrivileged methods
have been replaced by the doPrivileged method.
Revision 1.0 on October 2, 1998. Updated description of the class loading mechanism with a new chapter. Rearranged some chapters and sections.
Revision 1.1 on December 20, 2000. Updated the document to reflect the new Policy and ProtectionDomain updates to support dynamic policies. Also added updates for the integration of the Java Authentication and Authorization Service (JAAS) into the core SDK. New policy syntax was described and examples were added.
Revision 1.2 (the
current version) on March 22, 2002. Added notes on
KeyStore Alias Replacement including an example of a
grant statement with KeyStore alias replacement. Added
new section 3.3 explaining generalized expansion in policy files
including examples.
