Whenever anybody tries to get to know about Java, the person comes across multiple buzzwords or abbreviations or conceptual points, which is difficult to grasp for a newbie.
Although, the things will be clear when the whole concepts will be taught, for now, a bit of primer to those buzzwords is must to easily understand the Java platform.
We have tried to compile the list of Java Buzzwords:
All these Java buzzwords were part of the design goals of the next solution(which turned out to be Java Platform later on) designed by James Gosling.
So basically these buzzwords are the key characteristics of the Java Platform.
Let me directly quote James Gosling on Java being Simple. "Primary characteristics of the Java programming language include a simple language that can be programmed without extensive programmer training while being attuned to current software practices.
The fundamental concepts of Java technology are grasped quickly; programmers can be productive from the very beginning."
In a nutshell, it means, easy to grasp and without extensive modifications.
It was challenging to develop and maintain complex systems in imperative or procedural programming languages like C.
While witnessing the success of C++, Java was designed as Object-Oriented Programming from the ground up.
Everything is represented as objects in Java. Well, not exactly: you can still create primitive variables and arrays.
If you are creating a Library Management System, then books, shelves, Members, Staff, and other stakeholders, all will be represented as objects.
Java has been designed to create reliable software by providing a multi-level check at compile-time and run-time.
Also, all the devil features of C/C++ like pointer and memory management has been removed at developers end and made simplified, which increases the probability of robustness.
Java project was the solution to solve the distributed* application, and networked application’s problems, hence security was of utmost importance.
Java platform provides features in the programming and runtime environment that let you create applications that can’t be invaded.
* Distributed applications are applications that have different modules that communicate via different underlying technologies.
The dynamic character of language is attributed to the Java Platform based on how the classes are linked at run time. The run-time code which will be invoked to run is decided at run-time only.
The Java interprets Java bytecodes. Java interpreter is part of Java Virtual Machine(JVM) which does other works too.
Java provides the features to create multiple threads to process various tasks in parallel. A thread is a separate branch of execution which resides in the same JVM process.
Java is designed to work in a distributed environment that is generally heterogeneous in nature.
It demands abstraction at the level of hardware and operating system such that any Java code can run on any underlying platform without worrying about the hardware or operating system.
This architecture neutrality is made possible through Java bytecodes which is the result of Java compilation. Once a bytecode for a code is created, it can be run on any platform. Write Once, Run Anywhere.
Java Virtual Machine(JVM) is an abstraction machine. If a JVM is created for a platform, it is capable of running any bytecode coming from anywhere, without worrying about the underlying platform. Portability is not different from Architecture Neutrality. Instead, it is an extension of it.
The extension part is the Java specification which makes the JVM implementation same across all platform so that any bytecode is compatible with any JRE.
So, a mix of Architecture neutrality and JVM implementation, according to Java specifications, makes it truly portable.
Java delivers its performance from multiple improvements. First, It decouples the bytecode interpretation from the run-time check.
Second, it handles the memory management from a separate thread, hence removes some memory management performance burden. Third, it provides the developer to write computation-intensive programs in machine code with java interfacing. Hence the high performance. Just-In-time compiler is another significant improvement.
The characteristics mentioned above are the ideal fit to create distributed applications.
Java development phases consist of converting the source code to bytecode, and then JVM converts the bytecode in machine-dependent binary and executes it.
Here, in this conversion lies The magic of bytecodes. This intermediate step of converting the java source code to bytecode is not incidental but intentional as part of design goals. What they were trying to do was to create a solution for network-based applications where the code can be transferred from one machine to another without creating any problem, in a heterogeneous environment meaning different underlying operating systems.
The solution was Java Bytecode.
JVM understands only bytecodes. So if we can convert any language’s source code to byte code then we can run it on JVM.
In this way, we can leverage the different programmers in the Java platform.
In another way, different programmers can leverage the Java platform’s features with this. With the popularity of Java language, there are now many JVM based languages in the market.
For example, Java, JRuby, Jython, Groovy, Scala, etc. So you can write in any of these programming languages and run it on JVM.
JVM converts bytecode into machine code, depending on the underlying operating system.
So, each operating system has different Java implementation (JVM). So the developer need to produce bytecode and thats it. It can be sent to any machine having JVM, and it will run. In languages like C or C++, you needed to compile and link the source code according to the operating system.
So if you want to use C code compiled for the 64-bit operating system on a machine having a 32-bit operating system, it can’t be done.
You need to recompile and relink all the source code on that 32-bit machine, and only after that, you will be able to use that.
It is another mess when these 32 bit and 64 bit operating systems are of different kind meaning like Windows and Linux. This is not a problem with Java. Once you have compiled the source code to bytecode, it can run on any operating system on any machine provided you have installed the proper JVM.
Hence, Java community markets the slogan of ‘Write Once, Run Anywhere’.
So if Java is platform-independent, as explained earlier, we can package different java components in bytecode form.
Users can use these ready-made components without worrying about the operating system. And this is the trend in the java community. Thousands of Java APIs have been built to be used by Java developers. Someone builds it, and someone else uses it.
You can find almost any Java API for the features you want. You want to play with XMLs; there are jars(third party java libraries) for that.
If you want to play with PDFs, you have jars for that. If you're going to build pie-charts, you have java libraries for that too.
Java community is so big that you will find almost everything you need to build your software.
With the transfer of bytecode from one machine to another to operate in a distributed environment, security was a big concern.
This concern was easily recognized by the Java design team and made the ‘Security’ a part of the design goal. If any manipulation has occurred in the bytecode while transferring it from one machine to another, JVM takes care of it. It sieves the evil bytecode from the authenticated.
To know more about Java Security, visit our tutorial How Java is Secure?.
As arguing with each other, every Java programmer or learner must have defended the security aspect of Java, at one time or another, without knowing exactly what it is and how exactly Java is Secure.
The question frequently arises while comparing Java with other popular programming languages like PHP or .NET framework. While the PHP programmer questions the ability of Java by giving the example of Facebook like applications, with these types of arguments Java programmer hides in the security aspect of Java. Java programmer: “SO WHAT? Java is Secure?.
Without knowingly or unknowingly, the security aspect of Java has traveled along with Java.
So the question arises as to how exactly Java is Secure to code?
Before dwelling into how Java is Secure, we all must have some idea about what exactly we understand from insecurity.
The general word we use for these kinds of things is Hacking or Information Security stuff. Basically, it means that whatever product you build with any platform (like Java ), it should not be penetrable from outside in any way. If the product gets penetrated, then it is insecure.
Now there are many methods already developed with the help of which attack is possible. This attack deals with many aspects like production physical security, production servers, operating systems running on production, Web or application servers on which our website is running, etc.
So the role of Java in these different layered aspects is to handle the penetration when directed towards the application/product itself like attaching something in the code which will get executed with other code, coding failures which throw the server details in some way and like that.
Java or any other platform can’t do anything if penetration is done at the server level or operating system level and likewise. Java does not have any scope down there.
So with this understanding, we can proceed with knowing how Java is Secure. With these, we mean that How Java takes care of the problem at the application level.
JVM only understands bytecode. If it will get it, it will run it. It may be possible that the bytecode has been modified in some evil way and mixed with usually compiled bytecode and then sent to JVM.
JVM has a built-in verifier that segregates good bytecode from corrupt bytecode. It has multi-level checks and algorithms to enforce the legitimacy of the bytecode. A complete description of the verifier can not be covered under the scope of this tutorial.
But for the outline, it checks for class format, operand stack overflow, and type checks, etc.
Class loader in JVM works on the concept of namespaces where it segregates the bytecode coming from the URL and coming from inside the firewall.
It has different checks for the class bytecode before loading.
The Java security manager defines the security policy of an application. This security policy can have whether a particular task performed by the application is permitted or not.
Java comes under strictly typed language meaning while declaring a variable or class; the programmer has to tell precisely what type of data/object will this variable hold.
It restricts one malicious object to ‘behave’ like others.
Evil bytecode may customize your bytecode by sub-classing it or in any other way.
Java access modifiers help the code to have a different access level.
For example: If you do not want any class to be inherited, make it final.
Like C, you do not need to manage the memory with pointers. Memory management has been made abstract by JVM.
So at run-time, code is incapable of playing with memory to create the issues. Also, there are array index checks at runtime, which stops a lot of problems. But still, a memory leak can be a problem.
JDK provides different APIs for different security aspects like cryptography API, authentication API, security service providers, digital certificate handling API for safe communication.
The phrases like Java is the most secure language, or Java means security or just hypes.
At any given day, any programming language can be a better target than the other, especially with zero-day attacks.
It is just that being its origin in a networked application, Security was a design goal of Java.
So, Java got its inherent character of security in this way
Learn about Inheritance in Java & Selenium