
Security-related Files Summary

The security-related files that are built into JDK 1.2 are:
These built-in files all reside in the JDK security properties directory,
    java.home/lib/security/    (Solaris)
    java.home\lib\security\    (Windows)
(Note: java.home indicates the directory into which the JDK was installed.)

The security-related files that you may optionally create are:

Each security-related file is described below.

The java.security Security Properties File

In the java.security security properties file, various security properties are set for use by classes in the java.security package.

This file specifies

See the file for further details. It is located at
    java.home/lib/security/java.security    (Solaris)
    java.home\lib\security\java.security    (Windows)
(java.home indicates the directory into which the JDK was installed.)

The java.policy "System" Policy File

A policy file specifies which permissions are available for code from various sources.

The java.policy file is referred to as the "system" policy file; it is meant to grant system-wide code permissions. The java.policy file installed with the JDK grants all permissions to standard extensions, allows anyone to listen on unprivileged ports, and allows any code to read certain "standard" properties, such as the "os.name" and "file.separator" properties.

If necessary, the system policy file can be modified, either by a text editor (it's an ASCII text file), or by the policytool. The latter doesn't require you to know the policy file format; using it saves typing and reduces errors.

The java.policy file is by default located at

    java.home/lib/security/java.policy    (Solaris)
    java.home\lib\security\java.policy    (Windows)
(java.home indicates the directory into which the JDK was installed.)

Policy file locations are actually specified in the security properties file as the values of properties whose names are of the form

    policy.url.n=URL
where "n" is a number. The default system policy file is defined in the security properties file as
    policy.url.1=file:${java.home}/lib/security/java.policy

The cacerts Certificates Keystore File

The cacerts file represents a system-wide keystore with Certification Authority (CA) certificates. CAs are entities (e.g., businesses) that are trusted to sign (issue) certificates for other entities.

System administrators can configure and manage the cacerts file using keytool, specifying "JKS" as the keystore type (a proprietary type defined by Sun Microsystems).

At this time, the cacerts keystore file ships with five VeriSign root CA certificates.

The cacerts file is located at

    java.home/lib/security/cacerts    (Solaris)
    java.home\lib\security\cacerts    (Windows)
(java.home indicates the directory into which the JDK was installed.)

The .java.policy or Other "User" Policy Files

If you would like to create one or more policy files for your own use, you may do so, using either a text editor (it's an ASCII text file), or the policytool. The latter doesn't require you to know the policy file format; using it saves typing and reduces errors.

The security properties file included with the JDK contains a "placeholder" line specifying a default name and location for one user policy file:

    policy.url.2=file:${user.home}/.java.policy
where ${user.home} is replaced at runtime by the user's "home" directory, as determined by the value of the "user.home" system property. On Solaris, the value is simply the user's home directory, such as /home/susanj. On Windows, given user name uName, the "user.home" property value defaults to
    C:\Winnt\Profiles\uName    on multi-user Windows NT systems
    C:\Windows\Profiles\uName    on multi-user Windows 95 systems
    C:\Windows    on single-user Windows 95 systems

Thus, if the user name is "cathy", "user.home" defaults to

    C:\Winnt\Profiles\cathy    on multi-user Windows NT systems
    C:\Windows\Profiles\cathy    on multi-user Windows 95 systems
    C:\Windows    on single-user Windows 95 systems

The specified file does not have to exist. But if you create a file of that name, in that location, the system will load it and use it when making policy decisions.

If you want to create a user policy file but name or locate it differently, simply edit that line in the security properties file appropriately.

If you want to have additional policy files as well, add a line for each, of the form

    policy.url.n=URL 
where n is 3, 4, 5, and so on, and URL is the URL specification. Note: you can't have any gaps in the numbers, or the ones after the gap will be ignored.
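
The numbering rule above means a policy file can be configured yet never loaded. The following is an added example, not part of the original tutorial or the JDK: a small audit script that lists which policy.url.n entries would be loaded and which fall after a gap. The sample file contents, the /usr/java1.2 and /opt/app paths, and the assumption that numbering starts at 1 are constructed for illustration.

```python
import re

# Constructed sample of a java.security file; policy.url.4 is missing on purpose.
SAMPLE_JAVA_SECURITY = """\
# constructed example, not a shipped file
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${user.home}/.java.policy
policy.url.3=file:/opt/app/conf/app.policy
policy.url.5=file:/opt/app/conf/extra.policy
"""

_ENTRY = re.compile(r"^policy\.url\.(\d+)\s*[=:]\s*(\S+)\s*$")
_VAR = re.compile(r"\$\{([^}]+)\}")


def parse_policy_urls(text):
    """Return {n: url} for every policy.url.n line, skipping comments."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        m = _ENTRY.match(line)
        if m:
            found[int(m.group(1))] = m.group(2)  # a later duplicate wins
    return found


def expand(url, props):
    """Substitute ${name} from props; unknown names are left untouched."""
    return _VAR.sub(lambda m: props.get(m.group(1), m.group(0)), url)


def audit_policy_urls(text, props):
    """Split entries into loaded (contiguous from 1, assumed) and ignored."""
    found = parse_policy_urls(text)
    loaded, n = [], 1
    while n in found:
        loaded.append((n, expand(found[n], props)))
        n += 1
    ignored = sorted((k, expand(v, props)) for k, v in found.items() if k >= n)
    return loaded, ignored


if __name__ == "__main__":
    props = {"java.home": "/usr/java1.2", "user.home": "/home/susanj"}
    loaded, ignored = audit_policy_urls(SAMPLE_JAVA_SECURITY, props)
    for n, url in loaded:
        print("loaded  policy.url.%d -> %s" % (n, url))
    for n, url in ignored:
        print("IGNORED policy.url.%d -> %s (after gap)" % (n, url))
```

Every file in the loaded list grants permissions, so each one should have restrictive write access; entries in the ignored list usually indicate a numbering mistake in the security properties file.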

Keystores

A keystore is a database of keys. Private keys in a keystore have a certificate chain associated with them, which authenticates the corresponding public key. A keystore also contains certificates from trusted entities. You need a keystore if

Use the keytool tool to create and manage your keystore.

