Let's learn Java. Technologies included in J2EE

Youtube

Send your good work in the knowledge base is simple. Use the form below

Students, graduate students, young scientists who use the knowledge base in their studies and work will be very grateful to you.

Posted on http://www.allbest.ru/

Nizhny Novgorod State Technical University

Institute of Radio Electronics and Information Technologies

Department of Informatics and Control Systems

Methods and means of protecting computer information

"Java Security System"

Nizhny Novgorod, 2007

1. How Java works

2. Protecting Java applets

3. Security model JDK1.2

4. Java Cryptographic Architecture

5. Object organization of security mechanisms

Bibliography

1. Principle of operationJava

Java technology is based on a client-server model, and a Java program consists of several blocks, each of which performs a specific part of the overall task. On the client side, only those blocks that are needed at the moment are present. Moreover, the most frequently used blocks are stored in a cache on the hard disk or in random access memory user's computer. Since the block is loaded from the server, such a system can be managed from the server, i.e. centrally. This also ensures that the user is always using the latest version of the program.

The main component of this technology is the Java virtual processor, which is an environment for executing Java commands, or so-called bytecodes. Any Java program must conform to the Java virtual processor specification, which completely defines the Java instruction set, the types of data processed by the Java processor, and its registers.

In addition to the virtual processor, Java technology includes (as optional element) is an object-oriented programming language built on the C++ language, to which new mechanisms have been added to ensure security and distributed computing.

A special feature of Java is applets. An applet is a small program in which several required functions must be defined. The applet is downloaded over the network and can be executed in a Web browser that supports the Java language. It is this part of Java technology that is intended for use on the Internet, and therefore protection must extend both to the applet itself and to the network client that uses this applet.

2. ProtectionJava-applets

The most vulnerable component of Java technology from a security point of view are applets, since they can be used by any client. That is why the most stringent protection methods are provided for applets. Although different browsers and applet viewers may have different ways of protecting user information from attack, in general an applet should be prohibited from the following:

· check existence and parameters specific file;

· access a remote computer over the network;

· receive a list of network communication sessions that the local computer establishes with other computers;

· obtain information about the user or his home directory;

exit the Java interpreter;

These rules are provided by the following components of Java technology.

· The actual Java virtual processor, which constantly monitors its state.

· Applet and Java program loader that controls downloaded codes.

· Security Manager (SecurityManager), which controls and blocks dangerous actions of applets.

The SecurityManager class lists methods that are used by the system to control the actions of the applet depending on the characteristics of the environment

The function of the loader is to verify bytecodes, i.e., checking the correctness of the received Java program element and its integrity. During the verification process, the following is revealed:

· does the version of the received block correspond to the versions of other elements of the system;

· whether the program complies with the specification of a particular virtual Java processor;

The purposes of this check are to identify incorrect use of indirect addressing that could lead to disruption of the virtual processor, and to verify the integrity of the applet.

The protective mechanisms of this technology are very well thought out, but their implementation is still far from perfect. Therefore, below is a small list of possible “attacks”.

Service blocking

As a result, the user's work is partially or completely blocked and the browser may even be disabled. Here is a far from complete list of possible options for such an “attack”:

· filling all free memory;

· capture of important system classes.

"Secret" channels

These channels allow you to receive information even through security systems (firewalls). The existence of "secret" channels in the browser makes it very dangerous. You can use it as a "secret" channel the following actions applets:

· sending mail through the server's SMTP port (and mail is sent on behalf of the user who works with the applet);

· a search request for a non-existent URL, in which the data necessary for the “cracker” is passed as parameters;

· an attempt to access a non-existent address (the sequence of directories may contain the necessary data).

Information known to applets

Using this information, you can obtain some information that can later be used for “hacking.” This information can even be transmitted through firewalls using the secret channels described above. Applets typically know the following system information:

· system time;

· name and version operating system;

· processor architecture.

Striking a balance between the capabilities of downloadable applets and the protection of the client system is quite difficult. The proposed solutions cannot be made independent of a specific platform, which contradicts the requirement of absolute portability of Java programs.

3. Security modelJDK1.2

Java technology provides a number of protective barriers, which can be divided into three groups:

· reliability of the language;

· control when receiving and loading programs;

· control during program execution.

Java provides security through static and dynamic controls. Another Java feature is automatic memory management, eliminating the appearance of dangling pointers.

Control when receiving and loading programs in Java is multi-stage in nature. Firstly, software components can be provided with an electronic signature, which makes it possible to control their integrity and authenticity. Secondly, the bytecode verifier, in addition to a general check of the format of the received information, tries to make sure that the following incorrect actions are absent:

· pointer forgery (for example, obtaining a pointer as the result of an arithmetic operation);

· violation of access rights to class components;

· calling object methods with an invalid set of parameters;

· invalid type conversion;

Stack overflow or exhaustion.

Control during program execution can be divided into two levels. At the lower level, the Java virtual machine does not allow array overruns or similar incorrect actions. At the top level, the security manager performs meaningful access checks, thereby implementing the selected security policy.

If we continue the division into groups and levels, it is useful to highlight the following two aspects of Java security:

· protection of the Java runtime environment and hardware and software platform resources from malicious software;

· restriction of access of subjects to application level resources.

The main purpose of security measures in Java is to protect the Java environment from malware. To achieve this goal, the sandbox concept was proposed ( sandbox) is a closed environment in which potentially untrustworthy programs are executed. These were considered to be applets received over the network. All "native" code (that is, programs located on local computer) was considered absolutely reliable and had access to everything that was available to the Java virtual machine.

The restrictions imposed by the sandbox include a ban on access to the local file system, network communication with all hosts except the source of the applet (the host from which the applet was received), etc. With such restrictions, security is generally ensured, but applets have almost no ability to work.

To somehow cope with this problem, they introduced the concept of an electronic signature, which is placed by the distributor of the applet. The Java machine, in accordance with its security policy, divides distributors and, accordingly, their applets into two categories - trusted and untrusted. Reliable applets were given the same rights as native code.

Three main concepts emerged:

· source of the program;

· law and many rights;

· Security policy.

The source of a program is identified by a pair (uniform resource locator -- URL, program distributors). The URL can point to a file on the local file system or to a resource on a remote system.

A right is an abstract concept behind which, as usual in Java, there are classes and objects. In most cases, the right is determined by two strings of characters - the resource name and the action. For example, a file can be a resource, and a read can be an action.

The security policy specifies the correspondence between the source and the rights of programs received from it. "Native" programs do not have any security privileges and the policy towards them can be anything.

In essence, there is a traditional access rights mechanism for modern operating systems and database management systems with the following features:

· The subject of access is not the user, but the source of the program. However, formally we can assume that during program execution its source becomes;

· There is no concept of a resource owner who (the owner) could change rights; the latter are set exclusively by the security policy.

Security model in JDK 1.2

4. Cryptographic architectureJava

Without cryptography, reliable authentication, integrity control, and confidentiality are impossible.

The Java Cryptography Architecture (JCA) is designed to provide the following services:

· setting/verifying an electronic signature;

· hash function calculation;

· generation of public/secret key pairs;

· creation of certificates confirming the authenticity of public keys;

· storage of keys, as well as certificates of trusted partners;

· Converting keys from a representation with a hidden structure to a commonly understood representation and vice versa;

· generation of parameters of cryptographic algorithms;

· generation of (pseudo)random numbers;

· symmetric encryption;

· development of common key material.

In addition, the cryptographic architecture must satisfy the following technological requirements:

· ensure independence from algorithms and their implementations;

· ensure mutual compatibility of implementations;

· ensure extensibility of the set of algorithms and their implementations.

Each service can be provided by several algorithms, each of which, in turn, can have several implementations. For example, the MD5/SHA-1 algorithms (as well as the Russian GOST “Hash Function”) are intended for calculating the hash function; the RSA/DSA algorithms and the Russian GOST “Procedures for the development and verification of electronic digital signatures” are used for generating and verifying an electronic signature. etc.

The software interface of services is designed to reflect their functionality in an algorithm-independent form. To refer to implementations, the concept of a cryptographic service provider is used - a package or group of packages containing an implementation. The application has the ability to select algorithms and service providers from among those available.

The last two items in the list of services (symmetric encryption and generation of common key material) are subject to US export restrictions, so they, unlike the other services listed, are packaged as an extension (Java Cryptography Extension, JCE), which is a separate product.

Hierarchy of cryptographic services, algorithms and implementations

5. Object organizationization of security mechanisms

java applet security cryptographic

The security mechanisms in JDK 1.2 are packaged in four core packages and three extension packages. Here are some of them

· java.security-- contains the interfaces and classes that make up the framework of security mechanisms. This includes the access control tools discussed above, as well as cryptographic tools, such as generating an electronic signature, calculating a hash function, etc.

· java.security.interfaces-- means of generating RSA and DSA keys.

· javax.crypto-- interface and classes for symmetric encryption.

The most conceptually important interfaces and classes are concentrated in the package java.security.

Security policy

The security policy establishes a correspondence between program sources and their access rights. In a Java machine, at any given time it is represented by one object of a class that is a successor to an abstract class Policy. Class Methods Policy allow you to get/set the current policy, as well as find out the access rights associated with a given program source.

Checking access rights

To control access rights, you can use two tools:

· built-in security manager, called AccessController;

· dynamically changing security manager -- SecurityManager.

Class AccessController provides a single method to check a given right in the current context -- checkPermission.

Cryptographic interfaces and classes

The object organization of the Java cryptographic subsystem naturally mirrors the cryptographic subsystem described above. Each service corresponds to an abstract class that describes its (service) programming interface, as well as a class that describes the programming interface of the service provider. Classes are important Provider And Security. The first contains general methods of cryptographic service providers, the second contains methods for managing providers and algorithm parameters.

Bibliography

1. http://www.jetinfo.ru/1998/11-12/1/article1.11-12.19981237.html

2. http://vestnik.sci.pfu.edu.ru/archiv-cs/articles-cs/2004-3-1/pdf/kulyabov-2004.pdf

3. http://ru.wikipedia.org/wiki/Java

4. http://infocity.kiev.ua/hack/content/hack081.phtml

5. http://citforum.uar.net/security/web/java_seq.shtml

6. http://www.htc-cs.ru/press/tribune/java.html

7. http://www.ccc.ru/magazine/depot/00_11/print.html?web3.htm

Posted on Allbest.ru

What are "Java Technologies"?

Java is both a programming language and a platform.

First, Java is a high-level object-oriented programming language. At compilation, which is executed once during the application build, the Java code is converted into intermediate language code ( bytecode). In turn, the bytecode is analyzed and executed ( interpreted) a Java virtual machine (JVM), which acts as a translator between the Java language and the operating system hardware. All Java implementations must emulate the JVM so that the applications you create can run on any system that includes a Java virtual machine.

Secondly, Java is software platform, versions of which are available for various hardware systems. There are three versions of Java (see Java Platform Editions below). The platform includes a JVM and a Java application programming interface (API), which is an extensive set of ready-made software components (classes) that facilitate the development and deployment of applets and applications. The Java API covers many aspects of Java development, including basic object manipulation, network programming, security, XML generation, and Web services. The API is organized as a set of libraries called packages, which contain classes and interfaces for solving related problems.

In addition to the API, every complete implementation of the Java platform must include the following:

Developer tools for compiling, running, monitoring, debugging and documenting applications.
Standard mechanisms for deploying applications in the user environment.
Toolkits that allow you to create complex graphical user interfaces.
Integration libraries for programmatic access to databases and remote manipulation of objects.

The JVM is also a proven environment for running applications written in languages other than Java. In particular, Groovy, Scala, and specialized implementations of Ruby and Python provide developers with the ability to run dynamic and functional languages on the JVM (for more information, see What does Java have to do with dynamic languages and functional programming?).

The Java language was developed by Sun Microsystems. Currently, the development of Java technologies, including work on specifications, reference implementations and compatibility tests, is carried out under the control of the open non-profit organization JCP (Java Community Process), which brings together Java developers and license holders. In 2007, Sun released a free version of Java, including the core components of the platform, under the GNU GPL v2 license (GPLv2). You can read more about this version in the Java and Free Software Development section.

Why should you learn Java?

The main advantage of the Java language is the portability of Java applications, i.e. ability to run on any hardware platforms and operating systems, since all JVMs, regardless of which platform they run on, are capable of executing the same bytecode.

The Java language and platform are highly scalable. You can easily create applications for resource-constrained devices by adapting software originally written for desktop computers. At the same time, the Java language is ideal for developing server-side Web applications, through which the user can access computing resources on the Web. The ability to securely execute code downloaded over the network was built into Java's design, so the language provides high level safety when working via the Internet. Web applications run in runtime environments called Web containers, which provide a variety of convenient services, including request dispatching, security and concurrency, lifecycle management, and access to APIs such as name management, transaction management, and email. A number of things are written in Java application servers, which act as Web containers for other Java components, XML, and Web services that interact with databases and dynamically generate the content of Web pages. Such servers also provide an environment for deploying enterprise applications and tools for transaction management, clustering, security, connectivity and the necessary levels of availability, performance and scalability.

By supporting the use of open standards in enterprise applications, Java opens up the possibility of using XML-based Web services to help business partners share information resources and applications. Java underpins many of IBM's technical consulting products and services (IBM Products and Technologies for Java Developers) and plays a key role in several of the company's most important businesses.

Explore IBM's approach to , and learn how SOA helps you create heterogeneous applications that draw functionality from multiple sources both inside and outside the enterprise, thereby supporting horizontal business processes. IBM provides a series of resources aimed at business users and IT professionals to help you get started using this technology.
IBM's component approach provides a full range of capabilities to drive strategic change. The solutions provided are based on flexible, extensible, open standards-based software (including Java) and hardware infrastructure.

Java Platform Editions
There are three editions of the Java platform, allowing application developers, service providers and manufacturers hardware create solutions that meet the requirements of specific user groups.

Java SE (Java Platform, Standard Edition). Using Java SE, you can create and deploy Java applications for desktops and servers, and develop embedded software and programs for real-time systems. The Java SE edition includes the classes needed to create Web services and the core components of Java EE (Java Platform, Enterprise Edition). The current version of the Java SE platform is Java SE 6, also known as "Mustang". However, many developers still use Java SE 5 (Java 5.0, or "Tiger").
- For an excellent overview of the features of Java SE 5, see the column articles. Much of the programming aspects of the Java SE 5 platform, for which many existing applications were created, are still relevant in Java SE 6.
- This article describes new features in Java SE 6 that help you monitor and evaluate application performance.
- This article provides an introduction to a scripting language that runs on top of the Java SE 6 platform to simplify programming complex user interfaces.
- This two-part series provides an introduction to the API provided by Java SE 6, which allows Java applications to execute dynamic script code and vice versa. .
Java EE (Java Platform, Enterprise Edition). This enterprise version of the platform helps developers build and deploy portable, reliable, scalable, and secure Java server applications. Building on the capabilities of Java SE, Java EE provides Web services, component models, remoting, and management APIs for SOA and Web 2.0 enterprise software implementations.
- Read articles and for an introductory overview of the latest version of the Java EE platform.
- Check out the series, a popular framework for building lightweight, robust Java EE applications.
- For more information about Java EE, see the column articles.
- The articles in the Getting Started: Migrating to the Java Platform series were written specifically for .NET, Windows client-server, and ASP application developers to help them migrate to Java.
Java ME (Java Platform, Micro Edition). Java ME provides an environment for running applications built for a wide range of mobile and embedded systems, such as mobile phones, PDAs, set-top boxes, and printers. This edition of the platform provides tools for creating flexible user interfaces, a reliable security model, a full range of built-in network protocols, as well as powerful support for online and offline dynamically loaded applications. Applications based on the Java ME specifications can run on a variety of devices and still be able to effectively use their system capabilities.

What technologies are the main components of the Java platform?

The Java section of developerWorks contains the components of Java. Below are some of the components, possible additional packages and extensions included in each edition of the platform. Each technology is given a brief description, as well as a link to materials that describe its place in the Java world. Note that many of the components are included in all three editions of the Java platform.

Technologies included in Java SE:

Java Foundation Classes (Swing)(JFC) is a set of Java class libraries that are used to create graphical user interfaces and implement other graphical functions in Java client applications. Management .
JavaHelp is a platform-independent, extensible help system that allows developers and technical writers to embed help pages into applets, software components, applications, operating systems and devices, and to create Web help systems. Refer to the article.
Thanks to Java Native Interface(JNI) Java applications running inside the JVM can interact with programs and libraries written in other programming languages.
Technology Java Web Start simplifies the deployment of Java applications by allowing users to download and run rich software, such as spreadsheets, with a single click, without installation (see article).
Java Database Connectivity(JDBC) is an API that provides a means to access most relational data sources from Java applications. It can be used to connect to multiple SQL databases as well as other tabular data sources, e.g. spreadsheets and unstructured files.
Java Advanced Imaging(JAI) is an object-oriented API that provides a simple, high-level programming model that makes image manipulation easy.
Java Authentication and Authorization Service(JAAS) is a technology that provides services with a means to authenticate users and verify their access rights. It includes a Java implementation of the standard PAM (Pluggable Authentication Module) framework and supports user-level authorization.
Java Cryptography Extension(JCE) is a set of packages that provide infrastructure and implementations for encryption, key generation and exchange, and Message Authentication Code (MAC) algorithms. The technology also includes support for symmetric, asymmetric, block and stream ciphers, as well as secure streams and sealed objects. More detailed information can be obtained from the manual.
Java Data Objects(JDO) is a standard, abstract, interface-based model for long-term storage of Java objects. It allows developers to directly store instances of domain Java classes in persistent storage (such as a database). This model in some cases can replace direct writing to a file, serialization, JDBC, as well as the use of EJB server components, both container-managed (Container Managed Persistence - CMP) and self-storing state (Bean Managed Persistence - BMP).
Plastic bag Java Management Extensions(JMX) provides tools for creating distributed, modular, dynamic, and Web-accessible applications for managing and monitoring devices, software, and service-based networks (see article).
Java Media Framework(JMF) allows you to add audio, video and other media information to Java applications and applets (see the manual).
Java Naming and Directory Interface(JNDI) is a unified interface for accessing various naming and directory services in corporate network. It allows applications to efficiently connect to multiple naming and directory services in a heterogeneous enterprise environment.
Java Secure Socket Extensions(JSSE) is a set of packages for enabling secure exchange of information on the Internet. They implement the Java version of the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols and provide tools for data encryption, message integrity checking, server and client authentication ( last chance is optional).
Java Speech API(JSAPI) includes the JSGF (Java Speech Grammar Format) and JSML (Java Speech Markup Language) specifications. This package provides capabilities for using speech technologies in the user interface. JSAPI is a cross-platform API for supporting voice recognition, speech input systems, and speech synthesis. For more details, see the next section of the article.
Java 3D is an API that provides cross-platform and scalable capabilities for working with 3D graphics in Java applications. The API is organized as a set of object-oriented interfaces that form a single, simple, high-level programming model.
Mechanism Metadata Facility allows developers to define attributes for classes, interfaces, fields, and methods so that they can be subject to special processing by development tools, deployment tools, and third-party libraries at runtime (see article).
Java Content Repository API is an API for accessing content repositories in Java SE, regardless of their implementation. Such repositories are high-level information management systems and are extended versions of classic data repositories.
Enumerations(enumeration) is data type, which allows you to describe various data elements as a typed set of constants.
Generics(generic types) allow you to create classes with parameters (abstract types) that are specified at the instantiation stage. For more information, see this article, and also check out this article about how generic types make working with collections easier in Java SE 6.0.
Utilities Concurrency is a set of classes that provide middle-level functionality that is typically required by applications that perform data parallel processing.
Java API for XML Processing(JAXP) is an API that allows Java applications to parse and transform XML documents, regardless of the XML processor used. This allows applications to easily switch between different processors without changes to the application code. In turn, JAXB technology ( Java API for XML Binding) provides capabilities to automate the mapping of XML documents and Java objects.
SOAP with Attachments API for Java(SAAJ) provides developers with functions for generating and processing messages in accordance with the SOAP 1.1 specification with the indication SOAP with Attachments (SOAP with attachments). For more details, please refer to the article).

Technologies included in J2EE:

Enterprise JavaBeans(EJB) is a component-based model that simplifies middleware development by providing services such as transaction management, security, and database connectivity.
Portlet Specification defines a set of APIs for creating portals in Java, covering aspects such as information aggregation and presentation, personalization, and security (see article).
JavaMail is an API that provides a set of abstract classes that model the mail system.
Java Message Service(JMS) is an API that supports the creation of portable Java applications based on a messaging mechanism. It defines a common set of core concepts and programming strategies for all JMS-compatible messaging systems.
JavaServer Faces(JSF) provides a programming model that helps you build Web applications by assembling pages from reusable user interface components, associating those components with data sources, and connecting client-side events with server-side handlers. For more information, see the two-part guide and series of column articles.
JavaServer Pages(JSP) provides Web developers with the means to quickly create and easily maintain dynamic, cross-platform Web pages that separate user interface and content generation so that designers can change the markup without affecting the dynamically generated content (see the tutorial).
Standard Tag Library for JavaServer Pages(JSTL) is a set of specialized tags that provide a standard format for performing actions required by many Web applications. Check out the article Update your JSP pages with JSTL and the four-part series called .
Java Servlets extend the functionality of Web servers by providing a cross-platform, component-based approach to creating Web applications free of the performance limitations of CGI.
J2EE Connector Architecture(JCA) provides a standard architecture for connecting J2EE applications to heterogeneous enterprise information systems (EIS). This architecture defines a set of scalable and secure transaction-based mechanisms by which EIS providers can provide standard resource adapters for inclusion in an application server. For more detailed information, refer to the articles and manual.
J2EE Management Specification(JMX) defines the management information model for the J2EE platform. This model was specifically designed to interface with many control systems and protocols. It provides standard tools for mapping to the Common Information Model (CIM), the SNMP Management Information Base (MIB), and the Java object model using the resident J2EE Management EJB Component (MEJB).
Java Transaction API(JTA) is a high-level implementation and protocol-independent API that provides a means for programs and application servers to access transactions. Java Transaction Service(JTS) defines a transaction manager implementation that supports JTA and implements an underlying mapping to the OMG (Object Transaction Service - OTS 1.1) object transaction service. Transaction propagation in JTS is implemented using the Inter-ORB Protocol (IIOP). For more details, please refer to the article.

Technologies included in J2ME:

Mobile Information Device Profile(MIDP) is one of two configurations that make up the Java runtime for resource-constrained mobile devices. MIDP provides applications with core functionality that includes tools for creating user interfaces, connecting to network resources, storing data locally, and managing lifecycles.
Connected Device Configuration(CDC) is a standardized framework for creating and deploying applications that can be accessed by many networked and embedded devices.
Mobile 3D Graphics API for J2ME(M3G) is a lightweight, interactive 3D graphics API that is an optional component of J2ME. You can read more about him in our two-part series.

Java Technologies and Web Application Creation

For many years, Java has been the main language for developing Web applications. IN Lately Many infrastructures and libraries have appeared that make it easier to create Web applications in Java, including multifunctional ones interactive applications Web 2.0.

Check out the resources below for topics on Java Web development.

The column's articles talk about Grails, a modern infrastructure for creating Web applications written in Groovy. Grails allows you to seamlessly combine previously written Java code with the ability to use a flexible and dynamic scripting language. More information about Groovy is provided below in the section What does Java have to do with dynamic languages and functional programming?.
Ajax is a programming methodology that uses client-side scripting languages to communicate with a Web server, allowing pages to quickly update information without having to completely reload them. By reading this series of articles, you will learn how Ajax can help you as a Java application developer. For more information, you can visit the developerWorks site.
JavaServer Faces (JSF) provides a programming model that helps you build Web applications by assembling pages from reusable user interface components, associating those components with data sources, and connecting client-side events with server-side handlers. For more information, see the two-part guide and series of column articles.
The Eclipse Web Tools Platform (WTP) extends the popular Eclipse development environment to include tools for creating Web applications based on Java EE technologies (see tutorial).
There is plenty of other excellent material on these topics on developerWorks.

Java technologies, SOA and Web services

Service-oriented architecture (SOA) is a component model that links an application's functional modules (known as Services where the term comes from Web services) through strictly described interfaces and contracts. Interface definitions are independent of the hardware used, the operating system and the programming language in which the service is implemented, thereby supporting unified interaction between services that are components of different systems. SOA is an example of loosely coupled program model, which provides an alternative to classical tightly coupled object-oriented models.

Web services created using this principle allow you to describe business rules and processes in XML, so that application interaction can be carried out regardless of the platforms and programming languages used. XML technologies promote data portability and make it easier to write messages, while Java technologies allow you to write portable code. XML and Java work well together and therefore represent an ideal combination of technologies for creating and deploying Web services.

More detailed information can be obtained by reading the following materials:

The developerWorks pages and site can help you navigate these complex technologies.
The articles in the series talk about Web service frameworks in Java, as well as new functional layers created on top of these services.
This article provides an introduction to the elegant style of Web services design called Representational State Transfer (REST) and discusses the use of Java to create Web services using REST principles.
Understanding of JAX-RPC technology (RPC based on the Java API for working with XML) has great importance for creating efficient Web services in Java.
JAX-WS is the obvious next step in the evolution of JAX-RPC. A practical introduction to this new API is given in the tutorial.
This series of articles provides guidance on Service Component Architecture (SCA), a specification that describes a model for developing applications and systems using SOA principles.
This article provides an introduction to the Service Data Objects framework, which simplifies the Java EE data model when building SOA applications.

What does Java have to do with dynamic languages and functional programming?

Many developers who start learning Java have extensive experience with other programming languages. At the same time, even the most seasoned programmers admit that Java is not an ideal language for solving everyone problems encountered in practice. Fortunately, with support from the JVM, you can take full advantage of modern dynamic scripting and functional languages when developing applications for the Java platform. The flexibility and dynamism of these languages proves to be very useful when prototyping and implementing certain types of applications.

You can read more about the possibilities of using dynamic and functional languages on the Java platform in the materials linked below.

The Groovy scripting language allows Java developers to use the most common language constructs and libraries, while providing a flexible, dynamic development environment that does not require compilation, simplifies syntax, and supports scripting inside regular Java applications. A detailed overview of the capabilities of this language is provided in the articles in the series.
The new Script API in Java SE 6, which is backwards compatible with Java SE 5 and contains a small set of interfaces and classes, provides an easy way to call scripts written in dozens of languages from Java code. With it you can download and call external scripts at runtime, dynamically changing the behavior of the application. You can read more about this API in a two-part series called .
Are you an ardent supporter of functional programming? Then you should pay attention to the column, which talks about Scala, a programming language for the JVM that combines functional and object-oriented development approaches.
VMs have supported alternative programming languages for a long time. In the articles of the column you can read about implementations for the JVM of such languages as Rexx, Ruby, JavaScript, Python and some others.

Java and free software creation

There are countless libraries, tools, frameworks, programs and application servers available in Java that provide developers with additional opportunities to use this powerful platform. A number of free technologies have been incorporated into the Java platform over time, and others have remained popular among Java developers over the years, in some cases serving as de facto standards.

The Apache Software Foundation brings together many open source projects, most of which are developed based on Java technologies. Some representatives of this family of projects are listed below.
- Apache Struts is a framework for creating Web applications that follow the Model-View-Controller architecture.
- Apache Shale(EN) is another modern infrastructure for creating Web applications, which is the successor to Struts and is based on JSP (JavaServer Pages) technology. An introduction to Shale is provided in the articles in the series.
- Apache Ant is the de facto standard for automating the build process of Java applications.
- The Apache Maven build tool was designed to meet the demands of modern software projects, which are characterized by dynamic collaboration between development teams and dependency on multiple independently supported components (see the tutorial).
- Apache Tomcat is a popular Web container that supports servlets and Java server pages (JSP).
- The Apache Geronimo project is to create a fully spec-compliant Java EE application server based entirely on free technologies. You can read more about Geronimo in this article, as well as on the developerWorks site, which contains a lot of useful material.
- Apache Derby(EN) is a server relational databases data, entirely implemented in Java. An introduction to Derby is provided in the article.
Eclipse(EN) is an open and independent development platform and a set of basic tools for creating software. It is written in Java and provides a plug-in-based infrastructure that makes it easy to develop, integrate, and use software tools. IBM is a founding member of Eclipse.org and actively participates in the project's governing board and subcommittees. You can read about some of the component technologies of the Eclipse platform aimed at creating Java applications in the following materials:
- AspectJ(EN) is an aspect-oriented extension to the Java language that can be used to modularize cross-cutting functionality such as logging or exception handling.
- The Standard Widget Toolkit(EN) (SWT) is a toolkit that allows you to leverage the capabilities of your operating system to create user interface elements in an efficient and portable manner.
- Mylyn(EN) is a powerful job management system for Eclipse users. Detailed guidance is provided in the articles and, formerly known as Acegi Security for Spring, is a powerful and flexible security solution for enterprise applications built on top of the Spring infrastructure. It is discussed in detail in four articles in the series.
Sun Microsystems also began work on , launching the following public projects on the java.net(EN) website:
- OpenJDK

How to develop Java programming skills?

There are two main ways to develop your Java programming skills: take a special training course (with the possibility of certification) or learn Java on your own by practicing writing code. Training courses not only allow you to learn from the experience of qualified developers, but also provide the opportunity to obtain a certificate that can convince a potential employer that you have the skills necessary to solve the problems facing us technical problems. In doing so, you will be able to deepen your knowledge in various areas of Java by experimenting on your own and using all the resources available. Whatever path you choose, the following materials will help you.

Guides and articles
- developerWorks has an extensive collection of tools that are second only to coding on your own in terms of usefulness in learning Java.
- The articles are a series and are great for improving your Java skills.
- The application of design theory to creating real-world applications is discussed in the articles in the series.
- Experienced Java developers build their applications in advance with tools for debugging and testing. The developerWorks site features several articles in the series - these are real-time games based on the Eclipse platform, aimed at learning Java programming. Introductory information about CodeRuler is given in the article Conquest of medieval kingdoms with CodeRuler (EN).
IBM Technical Training Courses
- We offer a wide range of online, face-to-face and multimedia Java courses from IBM Global Services.
Certification
- You can take several exams to earn certifications that demonstrate your Java programming skills. Materials on courses leading to certification can be found on the Java Certification(EN) website.
- IBM provides opportunities for your skills in Java-related technologies such as enterprise application development for WebSphere, Rational software, DB2, XML and SOA.
Forums
- moderated by experts with years of experience in Java technologies, this is the most interactive way to learn Java.

IBM products and technologies for Java developers

IBM is one of the leaders in the practical application of Java technologies. Below are links to some of the IBM products and technologies available to Java platform application developers.

Free downloadable products:
- (Java Developer Kit) is a set of tools for creating and testing applets and applications for Java SE and Java ME on a variety of popular operating systems, including Windows, Linux and AIX.
- (IBM Development Package for Eclipse) is an Eclipse-based, unsupported development toolkit that allows you to create and run applications in your own out-of-the-box development environment.
- Note: You can download Eclipse free software packages from developerWorks, including the parallel products Calisto and Europa.
- is a virtual repository of promising Java technologies being developed at IBM. These include APIs, integrated development environments, development kits, reference implementations, and utilities. Below are links to some of the technologies featured in alphaWorks.
- . This utility helps you analyze and generate testable Ant scripts for building projects developed with Eclipse, Rational, and WebSphere IDEs for the Java EE and SCA platforms.
- (IBM Pattern Modeling and Analysis Tool for Java Garbage Collector). This utility parses detailed GC trace files, analyzes dynamic memory (heap) usage, and recommends application settings based on the obtained memory simulation results. (Secure Shell Library for Java) is a lightweight implementation of the SSH-2 protocol developed by the Internet Engineering Task Force (IETF). It provides secure authentication and other secure services that operate under unsecured network. allows you to consolidate and transform data, thereby increasing the productivity, flexibility and productivity of your business through quick access to the information you need.

In this guide, we'll cover everything you need to know before you start studying. programming in Java. You will learn about the capabilities of the platform, its application, and how to start learning Java correctly.

What is the Java programming language?

In 1991, the "Green Team", a division of Sun Microsystems, led by James Gosling, created a language for programming consumer electronic devices. At that time it was called Oak (“Oak”). Why "Oak"? Simply because this tree grew outside the window of Gosling’s office.

The Green Team demonstrated the use of Oak in an interactive TV. But for digital cable television of those years, this technology was too advanced. At the same time, the Internet was gaining popularity, for which the new programming language was best suited.

After some time, the new language was renamed Green, and after that - Java, in honor of coffee from the island of Java. That's why the Java logo features a coffee mug.

During the development of Java, C/C++ was popular, so Gosling made the language's syntax similar to C/C++ and implemented the " write once - run anywhere" In 1995, Sun Microsystems released the first official version of Java. And at the same time it was announced that Java would be included in the Netscape Navigator browser.

In 2010, Sun Microsystems, along with the Java programming language, was acquired by Oracle Corporation.

Java version history

June 1991 – start of the development project programming language Java.
JDK 1.0 – January 1996.
JDK 1.1 – February 1997.
J2SE 1.2 – December 1998.
J2SE 1.3 – May 2000.
J2SE 1.4 – February 2002.
J2SE 5.0 – September 2004.
Java SE 6 - December 2006.
Java SE 7 – July 2011.
Java SE 8 – March 18, 2014.
Java SE 9 – September 21, 2017.

Java Programming Language Features

Java is a cross-platform language

Java code written on one platform ( that is, the operating system), can be run without modification on other platforms.

Java is used to run Java ( Java Virtual Machine, JVM). The JVM processes the byte code, after which the processor processes the code received from the JVM. All virtual machines work similarly, so the same code runs the same on all operating systems, which is what makes Java a cross-platform programming language.

Object-oriented programming language

Exist various styles programming, and one of the most popular is object-oriented programming. With this approach, a complex problem is broken down into smaller ones by creating objects. Thanks to this, the code can be reused.

Object-oriented functions are found in many programming languages, including Java, Python, and C++. If you're serious about learning to program, an object-oriented approach is worth incorporating into your learning plan.

Java is fast

Early versions programming language Java has often been criticized for being slow. But today the situation has changed dramatically. New versions of the JVM run much faster, and the processors that interpret them are becoming faster and faster.

Today Java is one of the most fast languages programming. Well-optimized Java code runs almost as fast as low-level programming languages such as C/C++ and much faster than Python, PHP, etc.

Java is a secure platform

Java is:

a secure platform for developing and launching applications;
provides tools for automatic memory management, which reduces code vulnerability;
ensures secure data transfer.

Extensive core library

One of the reasons why Java is so widespread is its huge standard library. It contains hundreds of classes and methods from various packages that make life easier for developers. Eg,

java.lang is advanced functions for strings, arrays, etc.

java.util – library for working with data structures, regular expressions, date and time, etc.

kava.io - library for file input/output, exception handling, etc.

Application of the Java Platform

Before learning Java programming from scratch, you need to know that more than 3 billion devices around the world work on this platform. What exactly can it be used for:

Android Applications - To develop Android applications, the Java programming language is often used in combination with the Android SDK ( from English software development kit - software development kit).
Web Applications - Java is used to create web applications using server programs, Struts framework and JSP. Some popular web applications written in Java are: Google.com, Facebook.com, eBay.com, LinkedIn.com.

It's worth noting that these sites are not necessarily written exclusively in Java, and may use other programming languages as well.

Software development– such programs as Eclipse, OpenOffice, Vuze, MATLAB and many others are written in Java.
Big Data processing – to process “big data” you can use the Hadoop framework written in Java.
Trading systems– using the platform Oracle Extreme Java Trading Platform, you can write programs for trading.
Embedded devices– today billions of devices, such as TVs, SIM cards, Blu-ray players, etc., are based on Java Embedded technology from Oracle.

Also programming in Java is used to develop games, scientific applications ( for example, for processing natural language ) and in many other areas.

Java Terminology You Should Know

Java is a set of technologies ( programming language and computer platform), designed to create and run software. However, the term Java often refers to the programming language itself.

Programming language Java is a cross-platform, object-oriented, general-purpose programming language with extensive capabilities.

Java 9 is the latest version of Java at the time of this writing.

Java EE, Java Me and Java SE - these names stand for Java Enterprise Edition, Micro Edition and Standard Edition, respectively.

Java EE is aimed at applications that run on servers. Java ME is designed for power-constrained devices such as embedded devices. Java SE - Standard Java edition for writing regular programs.

If you are new to Java programming, we recommend starting with Java SE.

JVM - Java Virtual Machine (" Java virtual machine") is a program that allows a computer to run programs written in Java.

JRE – Java Runtime Environment (“ Java runtime") includes the JVM, associated libraries, and other components needed to run programs. But the JRE does not have a compiler, debugger, or other development tools.

JDK – Java Development Kit Java developer) contains the JRE and other development tools such as compilers, debuggers, etc.

How to run Java on your operating system

How to Run Java on Mac OS

Here's what to do for Java programming from scratch and installing the platform on Mac OS X or macOS:

Download the latest version of Java ( JDK) with Java SE download pages.
Double-click on the downloaded DMG file and follow the instructions of the installer.
To verify the installation, open a terminal and enter next command:

javac –version

If Java is installed correctly, the program version will be displayed on the screen ( for example javac 1.8.0_60).

The next step would be IDE installation (integrated development environment) for writing and running Java code. We will install the free version of IntelliJ IDEA and run Java on it. Here's what you need to do to do this:

Go to IntelliJ download page and download the free Community Edition.

Open the downloaded DMG file and follow the installation instructions. For quick access, you can move IntelliJ IDEA to the Applications folder.
Open IntelliJ IDEA. Select the option “Don’t import settings” (“ Don't import settings") and click "Ok". After this, accept the Jetbrains privacy policy by clicking on the “Accept” button.
Now you can customize the interface for yourself. You can also skip this step and leave everything as default. If you are not sure, just skip this step by clicking the “Skip All and Set Defaults” button (“ Skip everything and set to default settings»).

The program will show you a welcome page. Click on the button “Create New Project" (“ Create a new project»).
In the next window, select "Java" in the left pane and click "New" at the top of the program window to select "JDK". Here you need to select the location where you installed the JDK, and then click Next.

You will have the option to create a project from template (“Create project from template”). We ignore it and click the “Next” button.
In the next installation step programming language Java enter the project name and click the "Finish" button.
In the left panel you will see your project. If the panel is not visible, go to the menu Views > Tool Windows > Project.
Go to Hello > New > Java and give the class a name. We called it First.

To run the program you just wrote, go to Run > Run... Click on First ( that is, the name of the file we created

How to Run Java on Linux

To run examples from programming lessons from scratch Java on Linux will need the JAVA SE Development Kit ( JDK) and IDE for developing your projects. Follow the instructions step by step to get started with Java.

Install Java

Open a terminal and type the following command to install Java:
sudo add-apt-repository ppa:webupd8team/java

sudo apt update; sudo apt install oracle-java8-installer

Accept license agreement and terms of use by clicking “OK” and “Yes”, respectively.
You have installed Java. To verify that the installation was successful, enter the following command in a terminal:

java –version

If the current version is displayed, the installation was successful. If not, check with Oracle help page.

Installing IntelliJ IDEA

Go to .

Download the free Community Edition by clicking the "Download" button.
After downloading change the directory in the terminal to your downloads directory and extract the Java tar file into the /opt folder with the following command:

sudo tar xf .tar.gz -C /opt/

After unpacking, change the directory to the bin folder of the IntelliJ IDEA program:
cd /opt/ /bin
To start the IDE, enter the following command:
Select “Don’t import settings” (“ Don't import settings") and click "OK". After this, we accept the Jetbrains privacy policy by clicking on the “Accept” button.
Now for the passage programming courses Java, you can customize the interface for yourself. Create a shortcut on your desktop for quick access to the program. After that, to launch the IDE, click “Next" at all the following stages.
The program will show the welcome page. Click "Create New Project" (" Create a new project»).
In the next window, select "Java" in the left pane and make sure that Java is selected in the Project SDK line. If not, then select the location where you installed JDK: /usr/lib/jvm/java-8-oracle.

Click “Next” twice and create a project.
In the next step, enter a project name and click the “Finish” button. Now in the left panel you will see your project. If this panel is not visible, go to the menu Views > Tool Windows > Project.
Add new class Java. Select src in the left pane with the right click and go to New > Java Class. Provide a class name. There should be no spaces in the class name.

Write the Java code and save the project.
To run the program, go to Run > Run... Click on HelloWorld ( Project name) - the program will compile the file and run it.

How to Run Java on Windows (XP, 7, 8 and 10)

To master Java programming basics and running the platform on Windows, you will need a JAVA SE Development Kit (JDK) and an IDE for developing projects. Follow step by step instructions given below:

Installing Java

Go to download page Java Standard Edition Development Kit.

In the Java SE Development Kit section at the top of the table, click "Accept License agreement" (" Accept the license agreement"). Then click on the link Windows (x64) if you have a 64-bit operating system or Windows (x86) if you have a 32-bit OS.

After downloading, run installation file and follow the instructions that appear on the screen. Click " Next" Select all functions by pressing " This feature will be installed on local hard drive" and copy the installation location ( it is highlighted in yellow) in Notepad, then click again Next».

During the installation process, you will be prompted to install the JRE. Click "Next" and then "Finish" to complete the installation.
Now you need to edit the PATH variable. Go to Control Panel > System and Security > System. In the left pane, select " Extra options systems."

Click " Environment Variables". In chapter " System variables" Find the PATH variable and in the next window click "Edit".

Select all text in the " Variable value" and copy it into a separate text file. This will make it easier to edit and check for errors. See if the copied text contains the line: C: ProgramData Oracle Java javapath; . If yes, then you can move on to the next step. If not, then paste the installation location you copied earlier at the beginning of the variable and add bin at the end of the line like this: C : Program Files (x 86) Java jdk 1.8.0_112 bin ; Please note that your JDK version (jdk 1.8.0_112) may be different. Copy the value of the variable and paste it into the PATH box.

Click " OK" to save your changes.
To check if the platform is installed correctly introduction to programming Java, open command line by typing cmd in the line Windows search or through the command “Run…” ( Windows - R). Enter the java -version command. If the current version of Java is displayed, the installation was successful. If not, check with Oracle help page.

Installing IntelliJ IDEA

Go to IntelliJ IDEA download page.
Download the free Community Edition by clicking "Download".

Once downloaded, run the installation file and follow the instructions that appear on the screen. Then create a desktop shortcut for the 64-bit version and add associations with the .java extension. Click "Next" and continue with the installation.

Once installed, open IntelliJ IDEA by clicking on the desktop icon.
Select "Don't import settings" (" Don't import settings") and click "OK". After this, we accept the Jetbrains privacy policy by clicking “Accept”.
Now you can customize the interface for yourself. You can also skip this step and leave everything as default by clicking the “Skip All and Set Defaults” button.
The program will show the welcome page. Click "Create New Project" (" Create a new project»).

In the next window, select "Java" in the left pane and click "New" at the top of the program window to select JDK. Here you need to select the location where you installed the JDK during the Java installation, and then click “Next”.
IntelliJ IDEA will find the JDK and recognize it. There is no need to mark any other options, just click “Next".
On the next screen, enter the project name: HelloWorld and click Finish. If the program says that the directory does not exist, click OK. If you don't see the left pane, go to Views > Tool Windows > Project.
To set the class name, select the src folder in the left pane. Right-click on it, go to New > Java and set the class name. There should be no spaces in the class name.

Write the code and save the Java project programming lesson.
To run the program, go to the menu Run > Run... Click on HelloWorld - the program will compile the file and run it.

Your first Java program

To introduce users to a new programming language, they use the Hello World program (“Hello, world!”). This is a simple program that displays the words Hello, World! In this section we will teach you how to write this program in Java using IntelliJ IDEA.

Open IntelliJ IDEA.
Go to File > New > Project… > Java ( in the left navigation bar).
Set the Project Name from programming course J a va. We'll call it Hello World and click Finish.
Now we need to create a new Java class.
Select the src folder in the left pane, then go to File > New > Java Class and name the new class HelloWorld.
Copy the following code into the HelloWorld.java file and save it.

public class HelloWorld ( public static void main(String args) (

// prints "Hello, World!"

System.out.println("Hello, World!");

Click the start button ( Run). If everything is in order, you will see Hello, World! on the screen.

How to learn Java?

Official Java Documentation

Oracle, the company that owns Java, publishes quality tutorials. The official documentation covers all Java features and is updated regularly.

Note: the only negative is that the official Java documentation is not always written in the simplest language.

If you really want to learn programming in Java, buy a good book. Of course, 1000 pages cannot be read in one day. But a good tutorial will help you learn programming.

Java: The Complete Guide (10th Edition)

A great book for those just starting to learn Java. The latest edition includes all the features of the Java 8 release.

The book covers everything you need to know about Java programming, including syntax, keywords, and programming fundamentals, as well as the Java API library, Java applets, and more.

Java Philosophy (4th Edition)

If you are switching to Java from another programming language, this book is for you. If you are starting from scratch, it is best to read it along with the other.

Java 8. Pocket Guide: First Aid for Java Programmers

This book contains clear answers to questions that arise when teaching J ava programming from scratch. It briefly covers all the basic Java concepts (including Java 9). Don't want to flip through hundreds of pages looking for the right line? Buy this book.

Instead of a conclusion

If you start learning Java, you can't go wrong - it is a promising programming language, full of a wide variety of possibilities.

Before you start learning Java, here are a few tips:

Don't read educational articles and examples like a novel. The only way To become a good programmer is to write a lot of code.
If you're coming from another programming language (say, C#), you don't need to write code in the C# style.
Find Java communities online. Once you learn how to write simple programs in Java, find popular sites and forums dedicated to Java. Try to solve problems that other programmers have. This is a great way to expand your own knowledge. Plus, if you get stuck, you'll know where to ask for help.

We hope this article will encourage you to learn Java and help you start working on your first programs.

Translation of the article “ Learn Java Programming. The Definitive Guide” was prepared by the friendly project team

We will talk about basic Java syntax for beginners. A programming language's syntax is a set of rules that determine how...

So, Java has a long and complicated history of development, but the time has come to consider what the creators accomplished and what properties this technology has.

The most widely known, and at the same time the most heatedly debated, property is multi- or cross-platform. It has already been said that this is achieved through the use of the JVM virtual machine, which is a regular program executed by the operating system and providing Java applications with all the necessary capabilities. Since all JVM parameters are specified, the only task left is to implement virtual machines on all existing and used platforms.

The presence of a virtual machine determines many properties of Java, but now let's focus on the following question - is Java a compiled or interpreted language? In fact, both approaches are used.

The source code of any Java program appears to be ordinary text files, which can be created in any text editor or specialized development tool and have the .java extension. These files are fed to the input of the Java compiler, which translates them into special Java bytecode. It is this compact and efficient set of instructions that is supported by the JVM and is an integral part of the Java platform.

The result of the compiler's work is saved in binary files with the .class extension. A Java application consisting of such files is supplied as input to a virtual machine, which begins to execute or interpret them, since it is itself a program.

Many developers initially harshly criticized Sun's bold "Write once, run everywhere" slogan, finding more and more inconsistencies and inconsistencies across various platforms. However, it must be admitted that they were simply too impatient. Java was just coming out, and the first versions of the specifications were not comprehensive enough.

Sun soon realized that simply publishing specifications freely (which had already been done long before Java) was not enough. It is also necessary to create special procedures for checking new products for compliance with standards. The first such test for the JVM contained only about 600 checks, a year later their number grew to ten thousand and has been increasing ever since (this is exactly what MS IE 4.0 failed to pass). Of course, the authors of virtual machines improved them all the time, eliminating errors and optimizing their operation. Still, any technology, even a very well conceived one, requires time to create a high-quality implementation. Java 2 Micro Edition (J2ME) is now going through a similar development path, but more on that later.

The next most important property is Java's object orientation, which is always mentioned in all articles and press releases. The object-oriented approach (OOP) itself is discussed in the next lecture, but it is important to emphasize that in Java almost everything is implemented in the form of objects - threads and data streams, working with the network, working with images, with the user interface , error handling, etc. After all, any Java application is a set of classes that describe new types of objects.

A detailed discussion of the Java object model is carried out throughout the course, but we will outline the main features. First of all, the creators abandoned multiple inheritance. It was decided that it made programs too complicated and confusing. The language uses an alternative approach - a special type "interface". It is discussed in detail in the corresponding lecture.

Further, in Java it is used strong typing. This means that any variable and any expression has a type that is already known at compile time. This approach is used to simplify the identification of problems, because the compiler immediately reports errors and indicates their location in the code. Searching for exceptions (as incorrect situations are called in Java) during program execution (runtime) will require complex testing, and the cause of the defect may be found in a completely different class. Thus, you need to put in extra effort when writing code, but its reliability increases significantly (and this is one of the fundamental goals for which the new language was created).

There are only 8 data types in Java that are not objects. They were defined from the very first version and have never changed. These are five integer types: byte, short, int, long, and also include the character char. Then two fractional types float and double and finally a Boolean type boolean. Such types are called simple, or primitive (from the English primitive), and they are discussed in detail in the lecture on data types. All other types are object or reference. reference).

For some reason, Java syntax has confused many people. It is indeed created on the basis of the syntax of the C/C++ languages, so if you look at the source code of programs written in these languages and in Java, it is not immediately possible to understand which of them is written in which language. For some reason this gave many people a reason to think that Java is a simplified C++ with additional features, such as garbage collector. We will look at the automatic garbage collector below, but it is a big misconception to think that Java is the same language as C++.

Of course, when developing a new technology, Java's authors relied on a widely used programming language for a variety of reasons. Firstly, at that time they themselves considered C++ to be their main tool. Secondly, why come up with something new when there is a completely suitable old one? Finally, it is obvious that unfamiliar syntax will scare off developers and significantly complicate the implementation of a new language, but Java should have become widespread as quickly as possible. Therefore, the syntax has been only slightly simplified to avoid too confusing constructions.

But, as already mentioned, C++ was fundamentally unsuitable for the new tasks that the developers from Sun set themselves, so the Java model was built anew, and in accordance with completely different goals. Further lectures will gradually reveal the specific differences.

As for the object model, it was rather modeled on languages such as Smalltalk from IBM, or the Simula language developed back in the 60s at the Norwegian Computing Center, to which the creator of Java, James Gosling himself, refers.

Another important property of Java - ease of learning and development - also received mixed reviews. Indeed, the authors have taken the trouble to rid programmers of the most common mistakes that even experienced C/C++ developers sometimes make. And the first place here is occupied by working with memory.

Java was introduced from the very beginning automatic garbage collection mechanism(from English garbage collector). Suppose a program creates an object, works with it, and then a moment comes when it is no longer needed. It is necessary to free up the occupied memory so as not to interfere with the operating system’s normal functioning. In C/C++ this must be done explicitly from the program. Obviously, with this approach there are two dangers - either deleting an object that is still needed by someone (and if it is actually accessed, an error will occur), or not deleting an object that has become unnecessary, and this means a memory leak, that is the program begins to consume an increasing amount of RAM.

When developing in Java, the programmer does not think about freeing memory at all. The virtual machine itself counts the number of references to each object, and if it becomes zero, then such an object is marked for processing by the garbage collector. Thus, the programmer must only ensure that there are no references to unnecessary objects. The garbage collector is background execution thread, which regularly reviews existing objects and deletes those no longer needed. The program cannot influence the operation of the garbage collector in any way; you can only explicitly initiate its next pass using a standard function. It is clear that this greatly simplifies program development, especially for novice programmers.

However, experienced developers were unhappy that they could not fully control everything that happened to their system. There is no exact information when exactly an object that has become unnecessary will be deleted, when the garbage collector thread will start working (and therefore occupying system resources), etc. But, with all due respect to the experience of such programmers, it should be noted that the overwhelming number of failures of programs written in C/C++ are due to incorrect work with memory, and sometimes this happens even with widely used products from very serious companies.

In addition, special emphasis was placed on the ease of mastering the new technology. As already mentioned, it was expected (and these expectations were justified, confirming the correctness of the chosen path!) that Java should be used as widely as possible, even in those companies that had never before engaged in programming at this level (household appliances such as toasters and coffee makers , creating games and other applications for cell phones etc.). There were a number of other considerations as well. Products for everyday users, not professional programmers, need to be especially reliable. The Internet became the World Wide Web because non-professional users appeared, and the ability to create applets for them was no less attractive. They needed a simple tool to create robust applications.

Finally, the Internet boom of the 90s gained momentum and put forward new, more stringent requirements for development time. Multi-year projects, which were common in the past, no longer met the needs of customers; new systems had to be created in a maximum of a year, or even in a matter of months.

In addition to introducing the garbage collector, other steps have been taken to make development easier. Some of them have already been mentioned - the elimination of multiple inheritance, simplification of syntax, etc. The ability to create multi-threaded applications was implemented in the very first version of Java (research has shown that this is very convenient for users, and existing standards are based on teletype systems that have been outdated for many years back). Other features will be discussed in subsequent lectures. However, it has long been a generally accepted fact that creating and maintaining systems is indeed easier in Java than in C/C++. However, these languages were created for different purposes, and each has its own undeniable advantages.

The next important property of Java is security. The initial focus on distributed applications, and in particular the decision to run applets on the client machine, made the issue of security a high priority. When any Java virtual machine is running, there is a whole range of measures in place. The following is just a brief description of some of them.

First, these are the rules for working with memory. It has already been said that memory cleaning is done automatically. Its reservation is also determined by the JVM, not the compiler, or explicitly from the program; the developer can only indicate that he wants to create another new object. There are basically no signs for physical addresses.

Secondly, the presence of a virtual machine interpreter makes it much easier to cut off dangerous code at every stage of work. First, the bytecode is loaded into the system, usually in the form of class files. The JVM carefully checks that they all comply general rules Java security and whether they were created by attackers using some other means (and whether they were corrupted during transmission). Then, during program execution, the interpreter can easily check each action for validity. The capabilities of classes that were loaded from a local disk or over the network differ significantly (the user can easily assign or revoke specific rights). For example, applets by default will never access the local file system. All Java standard libraries have such built-in restrictions.

Finally, there is a mechanism for signing applets and other applications downloaded over the network. A special certificate guarantees that the user received the code exactly in the form in which the manufacturer issued it. This, of course, does not provide additional protection, but it allows the client to either refuse to work with applications from untrusted manufacturers, or immediately see that unauthorized changes have been made to the program. At worst, he knows who is responsible for the damage caused.

The combination of the described properties of Java allows us to assert that the language is very suitable for developing Internet and intranet (internal corporate networks) applications.

Finally, an important distinguishing feature of Java is its dynamism. The language is very well conceived; hundreds of thousands of developers and many large companies participate in its development. The main stages of this development are briefly covered in the next section.

So, let's summarize. The Java platform has the following advantages:

portability, or cross-platform ;
object orientation, an effective object model has been created;
familiar C/C++ syntax;
built-in and transparent security model;
focus on Internet tasks, distributed network applications;
dynamism, ease of development and adding new features;
ease of learning.

But one should not assume that easier learning means that there is no need to learn the language at all. To write really good programs, to create large complex systems, you need a clear understanding of all the basic concepts of Java and the libraries used. This is exactly what this course is dedicated to.

Major Java versions and products

Let's make it clear right away that by products here we mean software solutions from Sun, which are “reference implementations”.

So, Java was first announced on May 23, 1995. The main products available at that time in beta versions were:

Java language specification, JLS , the Java language specification (describing vocabulary, data types, basic constructs, etc.);
JVM specification;
Java Development Kit, JDK - a developer tool consisting primarily of utilities, standard class libraries, and demos.

The specification of the language was compiled so successfully that it is used practically unchanged to this day. Of course, a large number of clarifications have been made, more detailed descriptions have been added, and some new features have been added (for example, declaring inner classes), but the basic concepts remain unchanged. This course relies heavily on the language specification.

The JVM specification is intended primarily for creators of virtual machines, and therefore is practically not used by Java programmers.

The JDK has long been the go-to tool for application development. It does not contain any text editors, but operates only on existing Java files. The compiler is represented by the javac (java compiler) utility. The virtual machine is implemented by the java program. For test runs of applets, there is a special utility appletviewer. Finally, a javadoc tool is included to automatically generate documentation from source code.

The first version contained only 8 standard libraries:

java.lang - base classes necessary for the operation of any application (the name is short for language);
java.util - many useful helper classes;
java.applet - classes for creating applets;
java.awt, java.awt.peer - a library for creating a graphical user interface (GUI), called Abstract Window Toolkit, AWT, described in detail in Lecture 11;
java.awt.image - additional classes for working with images;
java.io - working with data streams (streams) and files;
java.net - working with the network.

Thus, all libraries start with java, they are the standard ones. All others (starting with com, org, etc.) can change in any version without compatibility support.

The final version of JDK 1.0 was released in January 1996.

Let’s immediately explain the version naming system. The version designation consists of three numbers. The first one is always 1. This means that full compatibility is maintained between all versions of 1.x.x. That is, a program written on an older JDK will always run successfully on a newer one. If possible, backward compatibility is also observed - if the program is compiled with a newer JDK, and no new libraries were used, then in most cases older virtual machines will be able to execute such code.

The second digit changed from 0 to 4 (the last one at the time the course was created). In each version, there was a significant expansion of the standard libraries (212, 504, 1781, 2130 and 2738 - the number of classes and interfaces from 1.0 to 1.4), and also some new features were added to the language itself. The utilities included in the JDK have also changed.

Finally, the third number means the development of one version. Nothing changes in the language or libraries, only errors are eliminated, optimization is performed, and utility arguments can be changed (added). So, latest version JDK 1.0 - 1.0.2.

Although nothing is removed with the development of version 1.x, of course, some functions or classes become obsolete. They are declared deprecated, and although they will be supported until the announcement of 2.0 (and nothing has been heard about it yet), they are not recommended.

Along with the initial success of JDK 1.0 came criticism. The main shortcomings discovered by the developers were as follows. First, of course, is performance. The first virtual machine was very slow. This is due to the fact that the JVM is essentially an interpreter that always runs slower than the compiled code. However, successful optimization that eliminated this shortcoming was still to come. Also noted were the rather poor capabilities of AWT, lack of work with databases, and others.

In December 1996, a new version of JDK 1.1 was announced, and a beta version was immediately released for free access. The final version was released in February 1997. What has been added in the new release of Java?

Of course, special attention was paid to performance. Many parts of the virtual machine have been optimized and rewritten using Assembler rather than C as before. In addition, since October 1996, Sun has been developing a new product - the Just-In-Time compiler, JIT. Its task is to translate the Java bytecode of the program into the “native” code of the operating system. Thus, the program launch time increases, but execution can be accelerated in some cases by up to 50 times! Since July 1997, an implementation for Windows has appeared and JIT is included as standard in the JDK with the ability to disable it.

Many new important features have been added. JavaBeans, a technology announced back in 1996, allows you to create visual components that are easily integrated into visual development tools. JDBC (Java DataBase Connectivity) provides access to databases. RMI (Remote Method Invocation) makes it easy to create distributed applications. Support for national languages and the security system have been improved.

In the first three weeks, JDK 1.1 was downloaded more than 220,000 times, less than a year later - more than two million times. At the moment, version 1.1 is considered completely outdated and its development stopped at 1.1.8. However, because the most common browser, MS IE, still only supports this version, it continues to be used for writing small applets.

Additionally, on March 11, 1997, Sun began offering the Java Runtime Environment, JRE (Java Runtime Environment). Essentially, this is the minimum virtual machine implementation required to run Java applications, without a compiler or other development tools. If the user only wants to run programs, this is exactly what he needs.

As you can see, the most important drawback remains weak support for the graphical user interface (GUI). In December 1996, Sun and Netscape announced a new library, IFC (Internet Foundation Classes), developed entirely in Java by Netscape and designed specifically for creating complex windowing interfaces. In April 1997, it was announced that the companies planned to combine Sun's AWT and Netscape's IFC technologies to create a new Java Foundation Classes product, JFC, which would include:

advanced window

What's happened Information Security? This is a state of information security that ensures its confidentiality, availability and integrity.

Typically, in order to assess the state of information security, it is necessary to understand and analyze threats and their sources, assess the level of damage, the likelihood of implementation and relevance of threats, risks (optional) that may affect our system/information.

In my opinion, it is impossible to assess the security of a single technology or programming language without reference to specific method implementation, i.e. without a specific finished software product in a language that has a detailed technical specification describing the architecture and functionality. But this will also not be enough, since it is necessary to assess the state of security of the finished information system with its own specific architecture, set of components, business processes, information and, finally, people. Let me give you an example of building a house. We have materials (sand, cement, crushed stone, brick, etc.) and tools (bucket, shovel, trowel, etc.). We cannot evaluate the quality and reliability of the finished house solely by the materials/tools used: how long it will last, whether there will be cracks in it, whether it will be cold or quiet. You need to choose a house design, construction technology and a team of craftsmen. And only after completion of construction will we be able to measure compliance with the project, GOST, SNiPs, check measurements of thermal protection, noise, loads, analyze the quality of cement and answer most questions. But the main question is “how long will it last?” we will not have an exact answer, since we do not know all the operating conditions of the house and all the factors that will influence throughout the entire time.

How to be secure in Java

Let's take Java for example . It is an object-oriented programming language; programs written in Java are translated into Java bytecode, executed by the Java virtual machine (JVM), a program that processes the bytecode and passes instructions to the hardware as an interpreter. Dignity similar method program execution is complete independence of the bytecode from the operating system and hardware, which allows you to run Java applications on any device for which there is a corresponding virtual machine.

« "Universal Language" sounds nice, but the most common problem is also the other side of the coin - memory leaks in the JVM, which leads to memory overflow and crashes. In connection with this problem, vulnerabilities cannot be ruled out, because the main tenet of reliability is that the simpler the better. In this case, such a complex pie is put together from ensuring the compatibility of a large number of platforms and operating systems that it is almost impossible to track and close all the vulnerabilities found in them and quickly eliminate them. For Microsoft, vulnerabilities can be found and fixed after 4-8 years, and this does not take into account undeclared capabilities left intentionally or by mistake.

From my experience: when programmers add new functionality that is related to something already implemented, or fix old functionality, in 15% of cases they break a previously working product. And if full testing is not carried out, the end result is a product with new functionality, but with the old one partially not working. There are also differences in how the code is written for different platforms, OS versions, software. In this regard, you can imagine how difficult it is to maintain the Java programming language and JVM, not to mention security issues.

On this moment Java Development Kit 10 has been released, which offers us standard security mechanisms released for Java SE 8 and described in the Security Documentation. The tenth version did not add anything new.

I note that Oracle has a Java Security Resource Center. Overall, the company divides Java security into four main sections:

A) developers must:

Monitor and use all the latest development and security updates;

Use code correctness control programs (for example, Checker Framework);

B) system administrators must:

Monitor and use all the latest updates for Java and the necessary components for the product to operate (including OS, libraries, frameworks, etc.);

Use the Java deployment rules described by and ;

Use a reliable timestamp.

B) end users must:

Always use the latest original version of Java;

D) security professionals need to:

Use advanced management and security tools (for example, Advanced Management Console);

Monitor the timely installation of all security updates;

It is important that everyone follows and complies with safety rules and requirements. It is possible to achieve a state of security at an adequate level only together and using all available measures (technical, organizational). As my practice shows, in 60% of organizations, IT and information security services are fine with security, as well as with users who use corporate devices and are connected to a single domain. But the most uncontrolled in this area are developers, team leads, and architects.

Software development and security issues

More broadly, the main causes of security problems in applications during software development are the following:

A) Lack of understanding of security terminology in general, not to mention specific knowledge and applied solutions.

As a rule, developers at best associate security with the following things: access management and logging and password protection, less often - connection security on https level(using encryption mechanisms that are available out of the box by default). That is, formally they will use security methods, which in fact will remain formal, “for show,” without taking into account the requirements and nuances:

For passwords: default values are usually used and the length, strength, frequency of change, non-repetition, and number of attempts are not additionally configured. Quite often, these parameters cannot be further adjusted, since they were not included in the software development scope task, which leads to the need to add code.

Regarding access management and logging: in the best case, developers described user groups or roles and access objects that should be available in the software. At worst, the developers themselves “divided” sections and objects into those needed by users and administrators. In the first case, we get a system that can be flexibly configured, but requires a significant amount of time to be spent setting up and agreeing on rights. In the second - a formal access control system. In addition, developers need to understand what information and to what extent needs to be logged. However, they are often not given this information, which results in logs that are not detailed enough to investigate incidents or understand what is happening in the software. Or to excessive storage of logs and a large amount of information, which imposes significant restrictions on the ability to store information for the required period of time (for example, one to three years) or there is a need to purchase additional information storage facilities. When information is recorded excessively, additional problems arise with the speed of analysis and analysis of incidents and the speed of finding the necessary information. Redundancy may also require additional funding to expand staff, purchase SIEM systems with setting up unique rules for processing information, or lead to risks associated with out-of-date information. At the same time, too much time is spent on analyzing and processing information.

Protecting communication channels is an equally important point, especially for payment and banking systems, where in addition to the disclosure of personal and private data, financial losses are possible. Most often, it happens that they do not think about protecting the channels and information transmission medium, and if they do, they use the “default” settings, for example, TLS/SSL. But it also has its own peculiarities regarding the choice of protocol version (TLS 1.1, 1.2, 1.3 or SSL v1-3), encryption algorithm (RC4, IDEA, Triple DES, SEED, Camellia or AES), and key length. Sometimes, for example, the correct TLS 1.2 protocol is selected, with AES encryption, a key length of 256 bits, but the ability to select an address on port 443 for HTTPS and or port 80 for HTTP is forgotten, instead of blocking port 80, resulting in it becomes possible to gain access via an unsecured channel. Or, for example, they raise the infrastructure to virtual machines and don’t think at all about the need to close network access between virtual machines.

B) The second problem is related to business, since it invests money in specific special functionality that does not take into account security blocks.

Unfortunately, businesses do not always understand why they should spend resources on security units if they have no functional benefit, the product will not bring in more money, and there are only probable risks that may not work. Businesses more often understand the need to invest in security when an information security incident has already occurred.

Unfortunately, this is not only the fault of the business, but also its environment, which:

Also doesn't understand safety;

The budget for information security specialists has been spared (they are not hired at all, or highly specialized specialists are hired, or one person is hired who is responsible for everything);

Failed to convincingly convey the need for security and correctly justify current risks (reputational, financial, time).

C) Problem with communication in the company or lack thereof.

This is the case when a business and its environment understand the need and importance of information security. They have allocated budgets and hired appropriate specialists, but difficulties arise in communication between business units and information security/IT services and developers.

D) Lack of awareness of ordinary company users in information security issues.

Let's assume that there are all the necessary units, specialists, technical and organizational measures. But users are stubborn and don’t want to work according to the rules. This is a very common situation, and it also needs to be solved comprehensively, since people do not understand why they need extra work to comply with information security issues (scan files with an antivirus, remember complex passwords, know and comply with policies and business processes, etc.). It is necessary to periodically organize master classes, explain at the everyday level what information security is, what problems and solutions there are, communicate the global goals and objectives of information security, their impact on business, and motivate.

E) Lack of information security architects - information security specialists are not always involved in software development, and programmers themselves think about the security of the architecture and the use of written and ready-made security patterns.

Developers do not and cannot know all the nuances, since their task is to complete the development and move on to the next one. If you delve into the development itself, the process is much more complicated than it seems. Therefore, it is necessary to clearly receive a task from the business, decompose it into understandable mini-tasks for developers, carry out development, conduct alpha and beta testing, load and functional testing, correct errors, return to tests - this process is cyclical and long. Therefore, it is not surprising that they do not have enough resources to think through the safety of the product to the smallest detail.

In order to talk about security, the problems described above must be solved. I do not specifically describe solution options, since everything depends on specific problems, environment, and conditions. There is no universal pill and all possible measures must be used. The main task is to ensure that all company employees understand, understand and comply with information security requirements and are interested in complying with them. And only then will it be possible to talk about the effectiveness and good level of information security maturity in the company.

Let's learn Java. Technologies included in J2EE

Send your good work in the knowledge base is simple. Use the form below

Similar documents

What are "Java Technologies"?

Why should you learn Java?

What technologies are the main components of the Java platform?

Java Technologies and Web Application Creation

Java technologies, SOA and Web services

What does Java have to do with dynamic languages ​​and functional programming?

Java and free software creation

How to develop Java programming skills?

IBM products and technologies for Java developers

What is the Java programming language?

Java version history

Java Programming Language Features

Java is a cross-platform language

Object-oriented programming language

Java is fast

Java is a secure platform

Extensive core library

Application of the Java Platform

Java Terminology You Should Know

How to run Java on your operating system

How to Run Java on Mac OS

javac –version

How to Run Java on Linux

java –version

Installing IntelliJ IDEA

How to Run Java on Windows (XP, 7, 8 and 10)

Installing Java

Installing IntelliJ IDEA

Your first Java program

How to learn Java?

Official Java Documentation

Instead of a conclusion

Major Java versions and products

How to be secure in Java

Software development and security issues

Popular articles

Latest articles

Sections

Pages

Special projects

Contacts

What does Java have to do with dynamic languages and functional programming?