Java - Interview Questions

Java - Security - Interview Questions

Java provides a robust security platform that makes it easy for Java developers to develop secure Java applications. But Java security is a difficult topic to prepare for or master for Java programming interviews. Java security is a huge and complex topic, with security features available at different levels and layers of the platform. Often, when you are preparing for a Java interview, it is difficult even to figure out where to begin.

This post makes it a little easier by structuring the Java security interview questions into JVM-specific security questions, Java API-specific security questions, and common security plug-in interview questions.

Describe the Java security architecture.


Security is provided by the Java platform through a number of mechanisms.

Secure environment - Java programs run in a secure and restricted environment. The level of access that a Java program can have to important system resources can be restricted based on the trustworthiness of the program.

Java language features - The Java programming language provides a number of in-built features, such as automatic memory management, garbage collection, and array and string range checking, which enhance the security of a Java application.

JVM features - The JVM is designed to provide a secure environment for Java applications to run in. Bytecode verifiers ensure that only legitimate and valid Java bytecodes are executed by the JVM. Java class loaders ensure that only legitimate and secure Java class files, which do not interfere with the running of other Java programs, are loaded into the JVM. Access to important resources is provided through the JVM and is pre-checked by the SecurityManager class, which enforces any restrictions on access to a specific resource.

Plugins - Additional security features can be plugged into the platform and used by Java programs.

How did Java's security model evolve over time?


Security has been an integral part of the Java platform since its introduction.

Java 1.0.x - Java started with a security model commonly known as the sandbox security model. In this model, all Java programs run locally are considered trusted and can access local resources. Java applets, which are downloaded over the network, are considered untrusted and cannot access resources beyond the sandbox. Access to resources is mediated through the SecurityManager class.

Java 1.1.x - Java 1.1.x introduced the concept of 'signed applets', which allowed downloading and running Java applets as trusted code after verifying the applet signer's information.

Java 2 (J2SE) - The Java 2 platform provided significant changes and enhancements to security.

  • J2SE introduced the concepts of 'protection domain', 'security policy' and 'Permission'. A protection domain groups classes and associates them with a 'security policy', which contains a set of 'permissions'. The security policy determines whether code can run in a protection domain. SecurityManager enforces the required security policy.

What are the key security features provided by Java programming language?


The Java programming language has several inherent features that contribute to the security of a Java application.

  • Java is designed to be a type-safe language and is easy to use. Java type safety is enforced by the Java compiler and is checked by the runtime environment. This results in an overall secure environment for Java programs to run in.
  • The Java language does automatic range checking on arrays, which reduces the burden on developers, results in fewer programming errors and leads to safer and more robust code.
  • Automatic memory management - Java manages memory automatically, and memory is freed by garbage collection. Storage allocation is transparent and is not defined in the Java or JVM specs, which makes it difficult for anyone to perform memory hacks.
  • Java has access control features to control access to variables, methods and classes. This is implemented via the public, private, protected and default access modifiers.
  • Final classes and methods - Classes and methods that you do not want to be sub-classed or overridden can be defined as final. This protects the code from malicious attacks that create sub-classes and override methods.

What are the key security features provided by JVM?


The JVM has many in-built and inherent security features in its design.

Class loaders - Class loaders, which are responsible for loading class files into the JVM, have many inherent security features.

  • Class loaders load classes into distinct name-spaces based on the class loader that loads the class and the source of the class files. Class loaders provide a shield between classes in different name-spaces, essentially preventing a class in one name-space from corrupting a class in another name-space.
  • Class loaders guard the boundaries of trusted code libraries such as the Java API libraries from untrusted code. For example, the class loader will not load any class that claims to be a part of the Java API library.
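The two class-loader properties above can be observed directly. The following is an added example, not code from the original page; `LoaderNamespaceDemo`, `Counter` and `IsolatingLoader` are hypothetical names, and it assumes Java 9 or later compiled with `javac`.

```java
import java.io.InputStream;

public class LoaderNamespaceDemo {
    // Class whose static state should be separate in each loader's name-space.
    public static class Counter {
        public static int hits = 0;
    }

    // Hypothetical loader that defines classes itself instead of asking its parent.
    static class IsolatingLoader extends ClassLoader {
        IsolatingLoader() { super(LoaderNamespaceDemo.class.getClassLoader()); }

        Class<?> define(String name, byte[] bytes) {
            return defineClass(name, bytes, 0, bytes.length);
        }
    }

    // Reads the compiled bytes of a class from the class path.
    static byte[] classBytes(Class<?> c) throws Exception {
        String resource = c.getName().replace('.', '/') + ".class";
        try (InputStream in = c.getClassLoader().getResourceAsStream(resource)) {
            return in.readAllBytes();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] bytes = classBytes(Counter.class);
        String name = Counter.class.getName();

        // Same bytes, same name, two loaders: two unrelated runtime classes.
        Class<?> a = new IsolatingLoader().define(name, bytes);
        Class<?> b = new IsolatingLoader().define(name, bytes);

        a.getField("hits").setInt(null, 41);   // changes only loader a's copy
        System.out.println("same name:        " + a.getName().equals(b.getName()));
        System.out.println("same class:       " + (a == b));
        System.out.println("hits seen via b:  " + b.getField("hits").getInt(null));
        System.out.println("hits in app copy: " + Counter.hits);

        // A user-defined loader may not define classes in the java.* packages.
        try {
            new IsolatingLoader().define("java.lang.Injected", bytes);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The package-name check runs before the bytes are parsed, so the last call fails with a SecurityException regardless of what the byte array contains.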

Class-file verifiers - The JVM has class-file verifiers that ensure that untrusted class files loaded into the JVM are not corrupted and are safe for the JVM to use.

  • The class-file verifier checks that the class adheres to the Java programming language specifications.
  • The class-file verifier checks the integrity of the bytecodes within the class file. It checks that the bytecodes are internally consistent and structurally correct.

Bytecode verifiers - After the class-file verifiers ensure that the file is safe to use, bytecode verifiers in the JVM check the bytecode within the class files and ensure that the class files are safe to run in the JVM.

  • The bytecode verifier performs a data-flow analysis on the bytecodes and verifies the integrity of the bytecodes.
  • The bytecode verifier ensures that symbolic links to other classes, methods and fields are valid; otherwise it throws an error.

What is the function of permissions class in Java programming language?


Java API provides the class which represents access to system resources such as files, sockets etc. and is a core part of Java security platform.

A number of specific permission classes, such as FilePermission, AWTPermission and SocketPermission are sub-classes of class.


What are protection domains in Java programming language?


Protection domains are groups of classes having the same permissions. Classes are grouped into protection domains, and permissions are associated with those domains.
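How a protection domain ties a group of classes to a set of permissions, and how a requested access is matched against that set, is shown in the following added example (not code from the original page). The class name `ProtectionDomainDemo`, the code location and the Unix-style file paths are constructed for illustration; only permission-model classes are used and no SecurityManager is installed.

```java
import java.io.FilePermission;
import java.net.URI;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.PropertyPermission;

public class ProtectionDomainDemo {
    public static void main(String[] args) throws Exception {
        // Where the grouped classes come from (constructed location, unsigned code).
        CodeSource pluginSource = new CodeSource(
                URI.create("file:/opt/app/plugins/").toURL(), (Certificate[]) null);

        // The permissions shared by every class in this domain.
        Permissions granted = new Permissions();
        granted.add(new FilePermission("/opt/app/data/-", "read"));  // "-" = all files below
        granted.add(new PropertyPermission("user.*", "read"));

        // Two-argument constructor: the domain carries exactly these static permissions.
        ProtectionDomain pluginDomain = new ProtectionDomain(pluginSource, granted);

        // Accesses that a class in the domain might request (constructed samples).
        Permission[] requests = {
            new FilePermission("/opt/app/data/reports/q1.csv", "read"),
            new FilePermission("/opt/app/data/reports/q1.csv", "write"),
            new FilePermission("/etc/passwd", "read"),
            new PropertyPermission("user.home", "read"),
            new PropertyPermission("user.home", "write"),
            new PropertyPermission("java.version", "read"),
        };

        // implies() answers: does any granted permission cover this request?
        for (Permission request : requests) {
            String verdict = pluginDomain.implies(request) ? "ALLOW" : "DENY";
            System.out.printf("%-5s %s%n", verdict, request);
        }
    }
}
```

A request is allowed only when both the target (path or property name) and the action are covered by a granted permission, which is why read access under the data directory does not extend to writes or to files elsewhere.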

What is SecurityManager in Java programming language?


The Java API provides the java.lang.SecurityManager class, which mediates access to all resources. The SecurityManager class has a number of check methods which determine if a class can access a specific resource. For example, the checkRead() method determines if a class has read access to a file, and checkPermission() checks if the requested access is permitted based on the policy.

Important Keywords to Remember

Java security architecture
Java language security features
JVM security features
Class loaders
Class-file verifiers
Bytecode verifiers
Wrapper classes