IO Stream, Object Serialization, and Security - PowerPoint PPT Presentation

Slides: 29
Provided by: ebizUa
1
I/O Stream, Object Serialization, and Security

2
I/O Stream
  • To bring in information, a program opens a stream
    on an information source (a file, memory, a
    socket) and reads the information sequentially

3
I/O Stream
  • A program can send information to an external
    destination by opening a stream to a destination
    and writing the information out sequentially

4
I/O Stream
  • The stream classes are divided into two class
    hierarchies, based on the data type (either
    characters or bytes) on which they operate.

5
I/O Stream
  • Character Stream
  • 16 bits

6
I/O Stream
  • Byte Stream
  • 8 bits

7
Byte Streams
  • InputStream Class
  • Super Class of all Input Stream Class
  • Abstract Class to provide basic methods related
    to input
  • OutputStream Class
  • Abstract Class to give basic methods related to
    output

8
Byte Streams
  • DataInputStream and DataOutputStream classes
  • Classes defining the methods that carry out I/O
    on basic data types
  • Classes that implement the DataInput interface
    and the DataOutput interface
  • DataInOutStream.java

9
Byte Streams
  • PipedInputStream and PipedOutputStream classes
  • Classes that use the output of one thread as the
    input of another thread
  • BufferedInputStream and BufferedOutputStream classes
  • Place a buffer in the middle of the I/O operation
    to avoid direct access to the I/O stream
  • BufferDemo.java

10
Byte Streams
  • FileInputStream and FileOutputStream classes
  • FileInputStream class
  • Reads data from a file
  • If the file cannot be opened, throws FileNotFoundException
  • FileOutputStream class
  • Writes data to a file
  • FilterInputStream and FilterOutputStream classes
  • Provide methods to additionally modify the data
    as it is read or written
  • ReadBytes.java, WriteBytes.java

11
Byte Streams
  • ByteArrayInputStream and ByteArrayOutputStream
    classes
  • Classes that use a byte array as the input object
    of an input stream or the output object of an
    output stream
  • Do not block, unlike other I/O streams
  • PrintStream class
  • Outputs data in text form; implemented by
    extending the FilterOutputStream class

12
Byte Streams
  • File and RandomAccessFile classes
  • File class
  • Provides an abstraction that handles file names
    and path names that depend on the host platform
    as machine-independent file names and path names
  • This will be explained in Character Stream also.
  • RandomAccessFile class
  • Provides random access to a file, supporting more
    varied mechanisms than the file streams do

13
Character Streams
  • Character Stream
  • Deals with text files written in ASCII or
    Unicode
  • Uses a subclass of the Reader and Writer classes
  • Kinds of Character Stream
  • Text File Read
  • Text File Write
  • File and File Name Filter

14
Character Streams
  • Example Program
  • BufferedReader charStream = new
    BufferedReader(new InputStreamReader(System.in));
  • BufferedReader in = new BufferedReader(new
    FileReader("foo.in"));
  • InputStreamReader: bridge from byte stream to
    character stream
  • FileInputStream infile = new FileInputStream(new File("foo.in"));
  • InputStreamReader instream = new
    InputStreamReader(infile);
  • StreamTokenizer strtok = new StreamTokenizer(instream);

15
Character Streams
  • Text File Read
  • FileReader
  • Reads characters from a file
  • Extends InputStreamReader
  • Ex)
  • FileReader look = new FileReader("index.html");
  • BufferedReader
  • Reads characters from an input stream and stores
    them in a buffer
  • ReadSource.java

16
Character Streams
  • Text File Write
  • FileWriter
  • Writes characters to a file
  • Extends OutputStreamWriter (Unicode -> byte)
  • Ex)
  • FileWriter letters = new FileWriter("alpha.txt");
  • BufferedWriter
  • Writes the buffered character stream

17
Character Streams
  • File and File Name Filter
  • To copy, rename and perform other operations on
    files
  • File(String)
  • File(String, String): folder name, file name
  • File(File, String): path and file name
  • exists(): checks whether the file exists
  • renameTo(File): changes the file name
  • AllCapsDemo.java

18
Object Serialization
  • What is Object Serialization?
  • Process of reading and writing objects
  • Writing an object is to represent its state in a
    serialized form sufficient to reconstruct the
    object as it is read.
  • Object serialization is essential to building
    all but the most transient applications.
  • Examples of using the object serialization
  • Remote Method Invocation (RMI)--communication
    between objects via sockets
  • Lightweight persistence--the archival of an
    object for use in a later invocation of the same
    program

19
Serializing Objects
  • How to Write to an ObjectOutputStream
  • Writing objects to a stream is a straightforward
    process. Example of constructing a Date object
    and then serializing that object
  • FileOutputStream out = new FileOutputStream("theTime");
  • ObjectOutputStream s = new ObjectOutputStream(out);
  • s.writeObject("Today");
  • s.writeObject(new Date());
  • s.flush();

20
Serializing Objects
  • How to Read from an ObjectInputStream
  • Example that reads in the String and the Date
    object that were written to the file named theTime
    in the previous example
  • FileInputStream in = new FileInputStream("theTime");
  • ObjectInputStream s = new ObjectInputStream(in);
  • String today = (String) s.readObject();
  • Date date = (Date) s.readObject();

21
Serializing Objects
  • Providing Object Serialization for Your Classes
  • Implementing the Serializable Interface
  • Customizing Serialization
  • Implementing the Externalizable Interface
  • Protecting Sensitive Information
  • ObjectFileTest.java ObjectRefTest.java
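
An added example (not part of the original slides or their ObjectFileTest.java): a round trip showing a transient field being left out of the serialized form, and an allow-list ObjectInputFilter (Java 9+) applied before readObject(). The SerialDemo and Account names and the sample values are hypothetical.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.Date;

// Added example; SerialDemo, Account and the sample values are hypothetical.
public class SerialDemo {
    static class Account implements Serializable {
        private static final long serialVersionUID = 1L;
        String user;
        transient char[] password;   // transient: never written to the stream
        Date created = new Date();
        Account(String user, char[] password) {
            this.user = user;
            this.password = password;
        }
    }

    static byte[] write(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream s = new ObjectOutputStream(buf)) {
            s.writeObject(o);
        }
        return buf.toByteArray();
    }

    static Object read(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream s = new ObjectInputStream(new ByteArrayInputStream(data))) {
            // Allow-list: only these classes may be deserialized; "!*" rejects the rest.
            s.setObjectInputFilter(ObjectInputFilter.Config.createFilter(
                "SerialDemo$Account;java.util.Date;java.lang.String;!*"));
            return s.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Account a = (Account) read(write(new Account("alice", "s3cret".toCharArray())));
        // The transient password field comes back as null after the round trip.
        System.out.println(a.user + " password restored? " + (a.password != null));

        try {
            read(write(new ArrayList<String>()));   // class is not on the allow-list
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The filter is set on the stream before the first readObject() call, so a class that is not on the list is rejected before any of its deserialization code runs.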

22
Security General Concept
  • General Concept for Security
  • Confidentiality
  • Those who don't have permission cannot see the
    contents
  • Integrity
  • Prohibits illegal modification
  • Authentication
  • Guarantees that the communicating parties can
    trust each other

23
Security General Concept
  • Confidentiality
  • Symmetric Cryptography, Private Key Cryptography
  • DES, IDEA
  • Asymmetric Cryptography, Public Key Cryptography
  • Knapsack, RSA

24
Security General Concept
  • Integrity
  • Message Digest can be used to check the integrity
  • Hash Function
  • Authentication
  • Uses Asymmetric Cryptography and Message Digest
  • Digital Signature

25
Security General Concept
  • Architecture
  • java.security, javax.crypto
  • Cryptography, Key, Certification related
  • Java Cryptography Architecture
  • General Design Scheme
  • Java Cryptography Extension
  • Limited to USA/Canada
  • Access Control
  • Security Policy, Permission Right
  • Other Groups

26
SecurityManager
  • SecurityManager class
  • contains many methods with names that begin with
    the word check
  • These methods are called by various methods in
    the Java libraries before those methods perform
    certain potentially sensitive operations.
  • The invocation of such a check method:
  • SecurityManager security = System.getSecurityManager();
  • if (security != null) { security.checkXXX(argument, . . . ); }
  • SetSecurity.java

27
Signed Applet
  • Limitations of an Applet
  • Reading a file from the system that runs the applet
  • Writing a file to the system that runs the applet
  • Getting information about a file on the system
  • Deleting a file on the system
  • Connecting to other systems via the web page that
    includes the applet
  • Displaying a window that does not include the
    warning message
  • Refer to the site
    http://java.sun.com/docs/books/tutorial/security1.2/tour1/index.html
  • And WriteFile.java

28
Signed Applet
  • Meaning of Signed Applet
  • Verify the identity of the program developer
  • Question of whether to allow the applet outside
    the limitations of the sandbox
  • User's Safety
  • The applet is signed and has not been modified by
    a third party
  • The program developer is certified by a CA, and
    the user can verify this.