JVM Calendar: Java Security Animated

Overview

Java security has been inherently a complex topic ever since the introduction of the security sandbox model in JDK 1.2 and the evolution of security APIs provided by the JDK. A similar issue is observed with the concurrency utilities and a tool called Java Concurrent Animated, which has been developed in order to lower the entry barrier towards these utilities in a fun and entertaining manner.

Java Security Animated provides a sequel of Java Concurrent Animated (with the kind approval on the naming by the author Victor Grazi) with the idea to cover as much as areas as possible such as the JDK security sandbox model, the security JDK libraries, security of major frameworks (i.e. OSGi, JavaEE, Spring) and major security libraries (such as BouncyCastle) in as less details as possible but comprehensive enough for newcomers to the security world of the JDK. On the other hand, it also aims to be a reference for people already experienced with some of concepts and utilities presented and willing to expand their knowledge without digging too much.

The pre-alpha version of the tool provides a series of short tutorials on the security sandbox model of the JDK and the security APIs provided at present by the JDK. Each section contains relevant snippets, information, and diagrams (and later on more animations where relevant) on present topics. Viewers have the possibility to more across section using a custom player at the bottom of the screen (by default sections are automatically displayed over a period of few seconds but certain section can be paused upon if more time is needed to understand the present content).

Implementation

The tool is implemented with Java Swing, and additionally, java2D is used for the custom diagrams and animations. The menu of the left is placed under a separate javax.swing.JPanel instance and the logic and drawing of each particular section is provided by a separate java.awt.event.ActionListener listener instance. Each subsection is provided by a separate method (step) that is registered in the sequence of steps that constitute the particular section from the menu. Common utilities used for the animations are provided by a custom GraphicsLibrary class as a collection of static methods.

Future Development

There are many areas that are a target for future development as part of the Java Security Animated tool, in particular:

• the ability to execute the various snippets provided in the separate sections directly from the tool;
• exercises around the topics being presented that would allow people play around with the various APIs and concepts presented;
• gamification that further allows to illustrate the presented concepts;
• smoother transitioning between the various steps with more animations;
• content for more frameworks and libraries (like BouncyCastle) that is currently not available;
• more involved topics and latest JDK enhancements (such as DTLS);
• more tips and tricks on applying the various concepts and APIs.

Contributions

Java security is an evolving topic as seen in every major JDK release — from security-related bugfixes to improvements around the various security utilities and developer of new security APIs corresponding to the needs of developer community and trends in the field of AppSec. So is Java Security Animated, and for that reason, anyone willing to contribute to the tool may do so by providing either content, suggestions, or pull requests enhance the information provided by the tool.