Java Capabilities API
Java Security Introduction

INTRODUCTION
With Communicator, Netscape is introducing the Java Capabilities API, a powerful security model for Java code. In designing this security model, Netscape had to fulfill these user requirements:
  • Provide users with strong confidence, based on digital signatures, in the identity of a software vendor and assurance that the software has not been tampered with.
  • Allow users to restrict the capabilities of a Java executable, with fine-grained control over both which executables get access, and what each executable can do.
  • Avoid "authorization fatigue" on the part of users, in which a user blindly clicks "OK" at every security dialog.
In addition, the Communicator Java security model addresses these developer requirements:
  • Allow developers to leave the "sandbox", so that they can write powerful applications on top of Java (given the user's permission, of course).
  • Make security reviews easy, by ensuring that extraordinary privileges are enabled only when needed.
JAVA CAPABILITIES API RESOURCES
  • Netscape Signing Tool: A tool that you can use to sign jar files.
  • Download: Capabilities API Classes: Download these classes and place them in your compiler's classpath to access the power of the Capabilities API.
  • Introduction to the Capabilities API: How to use Netscape's Capabilities API.
  • Capabilities API JavaDoc: A reference for the Java classes in the netscape.security package, which comprise the Capabilities API.
  • Capabilities API Sample Code: Sample code that demonstrates various aspects of the Capabilities API.
JAVA SECURITY TECHNOTES
  • Netscape Security TechNote #1: setScopePermission. This document describes the changes that were made to the Netscape Navigator 3.x Java implementation in order to better support security in Java. This approach is provided as a precursor to the changes in Java to support signed classes. A good understanding of this simpler scenario is extremely useful in understanding the signed class model.
  • Netscape Security TechNote #2: Activating Codebase Principals. In Netscape's capabilities-based security model for Java, a principal is a token representing the originator or source of a particular class. By default, Communicator will only allow principals that are based on cryptographic certificates, such as the Object Signing certificate(s) in a signed JAR file or the SSL certificate in an https codebase. Activating codebase principals allows privileges to be granted to any codebase, which can shorten development time by eliminating the signing step from the development cycle. This document describes the risks involved with codebase principals, and describes how to activate them.
Any sample code included above is provided for your use on an "AS IS" basis, under the Netscape License Agreement - Terms of Use.