I'm a little confused with how Java (6+) distributes its security framework. On one hand, you have the following packages (and their respective subpackages & types):
java.security.*
javax.security.*
And on the other hand you have java.lang.SecurityManager
, and possibly other security-related types sprinkled in other non-security packages (like java.lang
).
So, several questions:
java.security
and javax.security
? When to use types in each?java.lang
, are there any other packages where security-centric types appear, and if so, what are they?The split has mainly historical reasons. Once upon a time there were export restrictions on cryptographic software in the US.
As a rule of thumb: Stuff related to signatures is found in java.security, the rest (ciphers, ...) in javax.security.
The JRE nowadays comes with the standard security provider bundled in, so JCE is part of the platform.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With