Top Description Interfaces Classes Enums
module java.base

Package java.security

Provides the classes and interfaces for the security framework. This includes classes that implement an easily configurable, fine-grained access control security architecture. This package also supports the generation and storage of cryptographic public key pairs, as well as a number of exportable cryptographic operations including those for message digest and signature generation. Finally, this package provides classes that support signed/guarded objects and secure random number generation. Many of the classes provided in this package (the cryptographic and secure random number generator classes in particular) are provider-based. The class itself defines a programming interface to which applications may write. The implementations themselves may then be written by independent third-party vendors and plugged in seamlessly as needed. Therefore, application developers may take advantage of any number of provider-based implementations without having to add or rewrite code.

Package Specification

Related Documentation

For further documentation, please see:
Since
1.1

Interface Summary

Modifier and TypeInterface and Description
public interface
AlgorithmConstraints

This interface specifies constraints for cryptographic algorithms, keys (key sizes), and other algorithm parameters.

public interface
AsymmetricKey

An asymmetric key, which can be either a public key or a private key.

public interface
Certificate

Deprecated for removal since 1.2. This class is deprecated and subject to removal in a future version of Java SE. It has been replaced by java.security.cert.Certificate and related classes.

This is an interface of abstract methods for managing a variety of identity certificates.

public interface
DomainCombiner

Deprecated for removal since 17. This class is only useful in conjunction with the Security Manager, which is deprecated and subject to removal in a future release.
A DomainCombiner provides a means to dynamically update the ProtectionDomains associated with the current AccessControlContext.
public interface
Guard

This interface represents a guard, which is an object that is used to protect access to another object.

public interface
Key

The Key interface is the top-level interface for all keys.

public interface
Principal

This interface represents the abstract notion of a Principal, which can be used to represent any entity, such as an individual, a corporation, and a login id.

public interface
PrivateKey

A private key.

public interface
PrivilegedAction<
the type of the result of running the computation
T>

A computation to be performed with privileges enabled.

public interface
PrivilegedExceptionAction<
the type of the result of running the computation
T>

A computation to be performed with privileges enabled, that throws one or more checked exceptions.

public interface
PublicKey

A public key.

public interface
SecureRandomParameters

A marker interface for parameters used in various SecureRandom methods.

Class Summary

Modifier and TypeClass and Description
public class
AccessControlContext

Deprecated for removal since 17. This class is only useful in conjunction with the Security Manager, which is deprecated and subject to removal in a future release.
An AccessControlContext is used to make system resource access decisions based on the context it encapsulates.
public class
AccessControlException

Deprecated for removal since 17. This class is only useful in conjunction with the Security Manager, which is deprecated and subject to removal in a future release.

This exception is thrown by the AccessController to indicate that a requested access (to a critical system resource such as the file system or the network) is denied.

public class
AccessController

Deprecated for removal since 17. This class is only useful in conjunction with the Security Manager, which is deprecated and subject to removal in a future release.

The AccessController class is used for access control operations and decisions.

public class
AlgorithmParameterGenerator

The AlgorithmParameterGenerator class is used to generate a set of parameters to be used with a certain algorithm.

public abstract class
AlgorithmParameterGeneratorSpi

This class defines the Service Provider Interface (SPI) for the AlgorithmParameterGenerator class, which is used to generate a set of parameters to be used with a certain algorithm.

public class
AlgorithmParameters

This class is used as an opaque representation of cryptographic parameters.

public abstract class
AlgorithmParametersSpi

This class defines the Service Provider Interface (SPI) for the AlgorithmParameters class, which is used to manage algorithm parameters.

public class
AllPermission

The AllPermission is a permission that implies all other permissions.

pack-priv class
AllPermissionCollection

An AllPermissionCollection stores a collection of AllPermission permissions.

public abstract class
AuthProvider

This class defines login and logout methods for a provider.

public abstract class
BasicPermission

The BasicPermission class extends the Permission class, and can be used as the base class for permissions that want to follow the same naming convention as BasicPermission.

pack-priv class
BasicPermissionCollection

A BasicPermissionCollection stores a collection of BasicPermission permissions.

public class
CodeSigner

This class encapsulates information about a code signer.

public class
CodeSource

This class extends the concept of a codebase to encapsulate not only the location (URL) but also the certificate chains that were used to verify signed code originating from that location.

public class
DigestException

This is the generic Message Digest exception.

public class
DigestInputStream

A transparent stream that updates the associated message digest using the bits going through the stream.

public class
DigestOutputStream

A transparent stream that updates the associated message digest using the bits going through the stream.

public class
DomainLoadStoreParameter

Configuration data that specifies the keystores in a keystore domain.

public class
DrbgParameters

This class specifies the parameters used by a DRBG (Deterministic Random Bit Generator).

public class
GeneralSecurityException

The GeneralSecurityException class is a generic security exception class that provides type safety for all the security-related exception classes that extend from it.

public class
GuardedObject

A GuardedObject is an object that is used to protect access to another object.

public abstract class
Identity

Deprecated for removal since 1.2. This class is deprecated and subject to removal in a future version of Java SE. It has been replaced by java.security.KeyStore, the java.security.cert package, and java.security.Principal.

This class represents identities: real-world objects such as people, companies or organizations whose identities can be authenticated using their public keys.

public abstract class
IdentityScope

Deprecated for removal since 1.2. This class is deprecated and subject to removal in a future version of Java SE. It has been replaced by java.security.KeyStore, the java.security.cert package, and java.security.Principal.

This class represents a scope for identities.

public class
InvalidAlgorithmParameterException

This is the exception for invalid or inappropriate algorithm parameters.

public class
InvalidKeyException

This is the exception for invalid Keys (invalid encoding, wrong length, uninitialized, etc.).

public class
InvalidParameterException

This exception, designed for use by the JCA/JCE engine classes, is thrown when an invalid parameter is passed to a method.

public class
KeyException

This is the basic key exception.

public class
KeyFactory

Key factories are used to convert keys (opaque cryptographic keys of type Key) into key specifications (transparent representations of the underlying key material), and vice versa.

public abstract class
KeyFactorySpi

This class defines the Service Provider Interface (SPI) for the KeyFactory class.

public class
KeyManagementException

This is the general key management exception for all operations dealing with key management.

public class
KeyPair

This class is a simple holder for a key pair (a public key and a private key).

public abstract class
KeyPairGenerator

The KeyPairGenerator class is used to generate pairs of public and private keys.

public abstract class
KeyPairGeneratorSpi

This class defines the Service Provider Interface (SPI) for the KeyPairGenerator class, which is used to generate pairs of public and private keys.

public class
KeyRep

Standardized representation for serialized Key objects.

public class
KeyStore

This class represents a storage facility for cryptographic keys and certificates.

public class
KeyStoreException

This is the generic KeyStore exception.

public abstract class
KeyStoreSpi

This class defines the Service Provider Interface (SPI) for the KeyStore class.

public abstract class
MessageDigest

This MessageDigest class provides applications the functionality of a message digest algorithm, such as SHA-1 or SHA-256.

public abstract class
MessageDigestSpi

This class defines the Service Provider Interface (SPI) for the MessageDigest class, which provides the functionality of a message digest algorithm, such as MD5 or SHA.

public class
NoSuchAlgorithmException

This exception is thrown when a particular cryptographic algorithm is requested but is not available in the environment.

public class
NoSuchProviderException

This exception is thrown when a particular security provider is requested but is not available in the environment.

public abstract class
Permission

Abstract class for representing access to a system resource.

public abstract class
PermissionCollection

Abstract class representing a collection of Permission objects.

public class
Permissions

This class represents a heterogeneous collection of permissions.

pack-priv class
PermissionsEnumerator

pack-priv class
PermissionsHash

A PermissionsHash stores a homogeneous set of permissions in a hashtable.

public class
PKCS12Attribute

An attribute associated with a PKCS12 keystore entry.

public abstract class
Policy

Deprecated for removal since 17. This class is only useful in conjunction with the Security Manager, which is deprecated and subject to removal in a future release.
A Policy object is responsible for determining whether code executing in the Java runtime environment has permission to perform a security-sensitive operation.
public abstract class
PolicySpi

Deprecated for removal since 17. This class is only useful in conjunction with the Security Manager, which is deprecated and subject to removal in a future release.
This class defines the Service Provider Interface (SPI) for the Policy class.
public class
PrivilegedActionException

This exception is thrown by doPrivileged(PrivilegedExceptionAction) and doPrivileged(PrivilegedExceptionAction, AccessControlContext context) to indicate that the action being performed threw a checked exception.

public class
ProtectionDomain

The ProtectionDomain class encapsulates the characteristics of a domain, which encloses a set of classes whose instances are granted a set of permissions when being executed on behalf of a given set of Principals.

public abstract class
Provider

This class represents a "provider" for the Java Security API, where a provider implements some or all parts of Java Security.

public class
ProviderException

A runtime exception for Provider exceptions (such as misconfiguration errors or unrecoverable internal errors), which may be subclassed by Providers to throw specialized, provider-specific runtime errors.

public class
SecureClassLoader

This class extends ClassLoader with additional support for defining classes with an associated code source and permissions which are retrieved by the system policy by default.

public class
SecureRandom

This class provides a cryptographically strong random number generator (RNG).

public abstract class
SecureRandomSpi

This class defines the Service Provider Interface (SPI) for the SecureRandom class.

public class
Security

This class centralizes all security properties and common security methods.

public class
SecurityPermission

This class is for security permissions.

public abstract class
Signature

The Signature class is used to provide applications the functionality of a digital signature algorithm.

public class
SignatureException

This is the generic Signature exception.

public abstract class
SignatureSpi

This class defines the Service Provider Interface (SPI) for the Signature class, which is used to provide the functionality of a digital signature algorithm.

public class
SignedObject

SignedObject is a class for the purpose of creating authentic runtime objects whose integrity cannot be compromised without being detected.

public abstract class
Signer

Deprecated for removal since 1.2. This class is deprecated and subject to removal in a future version of Java SE. It has been replaced by java.security.KeyStore, the java.security.cert package, and java.security.Principal.
This class is used to represent an Identity that can also digitally sign data.
public class
Timestamp

This class encapsulates information about a signed timestamp.

public class
UnrecoverableEntryException

This exception is thrown if an entry in the keystore cannot be recovered.

public class
UnrecoverableKeyException

This exception is thrown if a key in the keystore cannot be recovered.

public class
UnresolvedPermission

The UnresolvedPermission class is used to hold Permissions that were "unresolved" when the Policy was initialized.

pack-priv class
UnresolvedPermissionCollection

A UnresolvedPermissionCollection stores a collection of UnresolvedPermission permissions.

public class
URIParameter

Deprecated as a consequence of Policy.Parameters being deprecated.
A parameter that contains a URI pointing to data intended for a PolicySpi or ConfigurationSpi implementation.

Enum Summary

Modifier and TypeEnum and Description
public enum
CryptoPrimitive

An enumeration of cryptographic primitives.