java.security

This package provides all the classes and interfaces that constitute the Java security framework. The content of this package can be divided into two parts:

• Classes implementing the access control infrastructure.

  The central class is java.security.AccessController which checks if code, invoking sensitive resources, was granted the required permissions.

  The class loader (java.security.SecureClassLoader) associates classes with a protection domain (java.security.ProtectionDomain) which consists of a code source (java.security.CodeSource) and the granted permissions (java.security.Permission). The policy, defined through java.security.Policy, defines which permissions are granted to classes loaded from a code source ( class java.security.CodeSource).

• Classes and interfaces for the extensible cryptographic service provider infrastructure (SPI) such as abstractions for certificates, signatures, private and public keys. Also abstractions for the algorithms they utilize are provided in this package.

  Security providers, as defined in java.security.Providers, can be registered to provide different implementations for a variety of security infrastructure, such as key stores. Therefore the corresponding service provider interface (i.e. java.security.KeyStoreSpi) must be implemented.