Security Workbench Development Environment for Java 2.0.126

• determine permission requirements for Eclipse plug-ins, OSGi bundles, and Java applications
• determine what portions of Eclipse plug-ins, OSGi bundles, and Java software should be made privileged
• improve cycle time in performing security analysis of Eclipse plug-ins, OSGi bundles, and Java applications
• enable Java, OSGi, and Eclipse update site administrators to inspect JAR files
• include an Eclipse-based, graphical user interface for JAR signing
• manage digital certificates with a KeyStore editor, which supports viewing and editing of keystore entries (such as changing certificate aliases, removing certificates, copying certificates between certificate stores, and importing certificates from the file system). 

• JAR files
• Java projects
• Eclipse plug-ins
• plug-in projects
• plug-in folders
• OSGi bundles

This set of Eclipse plug-ins performs static analysis of Java programs. The Authorization Analysis functionality determines which authorizations are needed in order to run Java code when a SecurityManager is enabled. The Privilege Code Analysis functionality identifies which portions of code could be made privileged. The JAR inspection functionality provides for the inspection of JAR files, revealing methods, certificates, and OSGi plug-in permissions. The keystore editor allows management of certificate and key entries through the Eclipse user interface. The JarSigner plug-in provides a dialog box interface to the Java jarsigner utility. 

• Java developers who want to identify the Java 2 security permissions required by their code; detect the portions of their code that should be made privileged; sign their code prior to deployment; or inspect a Java Archive (JAR) received from a third party
• administrators who wish to determine the security requirements for third-party applications.

A note about static analysis: Static analysis of a Java application means that the software being analyzed is never executed; instead, its associated bytecodes are inspected programatically, and the execution of the application is merely modeled. Source code is not a prerequisite for determining privilege requirements or inspecting JAR files. 

• Corrects problems with the analysis of JAR files, Java annotations, and enumerations.

• Operating systems: Windows 2000, XP (workstation or server)
• Software:
• • Java Development Kit 1.5
  • Eclipse 3.2 or above