Question
I'm a little confused with how Java (6+) distributes its security framework. On one hand, you have the following packages (and their respective subpackages & types):
https://stackoverflow.com/questions/20220656
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianjava.security.*javax.security.*And on the other hand you have java.lang.SecurityManager, and possibly other security-related types sprinkled in other non-security packages (like java.lang).
So, several questions:
java.security and javax.security? When to use types in each?java.lang, are there any other packages where security-centric types appear, and if so, what are they?Solution
The split has mainly historical reasons. Once upon a time there were export restrictions on cryptographic software in the US.
As a rule of thumb: Stuff related to signatures is found in java.security, the rest (ciphers, ...) in javax.security.
The JRE nowadays comes with the standard security provider bundled in, so JCE is part of the platform.
