I’m afraid the deprecation of the Security Manager just added several lines to that risk, all linked to running untrusted code.
In December 2020, I wrote the article “Serialization and deserialization in Java: explaining the Java deserialize vulnerability” about the problems Java has with its custom serialization implementation. The serialization framework is so deeply embedded inside Java that knowing how dangerous some implementation …
A new Java release every six months can be exciting, overwhelming, or both. Given that Java 17 is also an LTS release, it’s not just developers but also enterprises that are noticing it. If you have been waiting to move on from Java 8 or 11, now is the time to weigh its advantages.
We are going to dig a little deeper in our exploration of Project Panama and how to talk to third-party libraries such as SDL & OpenGL.
With the skills you’ve learned from Part 1 and Part 2, you should be able to call most of the common function signatures in many libraries out in the wild.
- Project Panama
Welcome to Part 2 of this series, in which we will look at the C language’s concepts of pointers and structs.
Later on in this article, we will use Panama to mimic these concepts.
The goal is to call C function signatures that are often defined to accept pointers and structs.
- Project Panama
In this series of articles, we will explore the APIs from OpenJDK’s Project Panama.
My intent is to show you how to be proficient in using the Foreign Linker APIs (module ‘jdk.incubator.foreign’) as it relates to Java interoperability with native code.
While this article is for newbies, I assume you know the basics of the Java language, a little bash scripting, and have a familiarity with C programming concepts. If you are new to the C language, don’t worry; I will go over the concepts later.
We started with an introduction of the basics of using jshell. Next, you got a chance to learn how to run a JavaFX application file from a terminal command prompt and from within jshell’s command prompt.
After launching the application, we were able to change the color interactively by setting the public static member variable color.
Lastly, we learned how to stop a JavaFX application properly via the /reset command.
In a multi-threaded Java application, any thread can change the state of an object.
The Java memory model in the Java Language Specification specifies exactly when updates made by one thread are going to be visible to other threads.
This is one of the biggest problems professional Java developers deal with every day.
Java records are immutable. An object is considered immutable if its state cannot change after it is constructed. The immutable nature of records eliminates problems of its usage in a multithreaded environment.
JEP 411: What it Means for Java’s Security Model and Why You Should Apply the Principle of Least Privilege
Java, like most platforms or languages, has layers of security. This article intends to look at Java’s Authorization layer, which is unlike that of other languages.
We will also distinguish between two different ways this layer is typically utilized and why one is effective while the other isn’t.
Furthermore, we investigate why JEP 411 only considers the least effective method, and hopefully we will increase awareness of the Principle of Least Privilege as it is applied to Java Authorization, improve adoption, and encourage people to take advantage of the improved security it provides.
We hope to prolong its support and possibly even improve it in future.
The SecurityManager and associated infrastructure are the foundations upon which to build secure software, but by themselves are insufficient for limiting users and Java software to the principles of least privilege.
JEP 411 removes the SecurityManager and AccessController.
In doing so, your library code will be able to run with the full permissions of its Java process, which is the same as running with none of the permission checks that were used to harden Java’s API.
If an attacker breaks into your Java process via some other vulnerability, they will be able to load their own byte codes, and pretty much do whatever the process permissions permit them, and possibly more if your system has other vulnerabilities.
If you are still working with Java 8, you might have mixed feelings about the news of the release of Java 16. However, you’ll see these numbers are going to increment at a much faster and more predictable rate with Java’s six-month release cadence.
I’m personally excited about Java 16! It adds Records and Pattern Matching for instanceof as standard language features with Sealed classes continuing to be a preview feature (in the second preview).
Fun fact – Records was voted the most popular Java 16 language feature by 1158 developers in this Twitter poll, with Pattern Matching for instanceof second.
In this blog post, I will limit coverage of Java 16 to its language features, why you need them, and how you can start using them in IntelliJ IDEA. You can use this link for a comprehensive list of the new Java 16 features. Let’s get started.