Because Java is a language that doesn't just support but emphasizes network computing, security is a fundamental part of its design and implementation.
If a computer operates in a stand-alone mode, the owner/operator is responsible for loading software and data and, thus, bears responsibility for any security flaws related to them. However, if software as well as data can be loaded over the network, the developers of Java assumed they bore some of the responsibility for protecting users of their systems from at least some security flaws. Hence, the emphasis on security in Java.
Security is not a singular concept. Several of the different kinds of flaws and their associated safeguards are outlined below.
Confidentiality
A message sent from A to B is not read by C. The usual approach to providing confidentiality is encryption.
Authenticity
A message said to be from A is really from A. Authenticity is protection against spoofing. The usual approach to providing authenticity is through some form of digital signature.
Validity
A message sent from A to B has not been replaced or modified by C. The usual approach to providing validity is by sending some form of hash or digest of the message along with the message.
Benignity
A program (applet) loaded from the network through a WWW browser will not harm the user's system in certain stipulated ways. The usual way of ensuring an applet is benign is through a SecurityManager run by the browser.
Access
A set of files and directories is made available to particular users and/or groups and not others, for several types of operations, such as reading, writing, and/or changing access rights.
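The three message properties above (confidentiality, authenticity, validity) map directly onto the JDK's standard crypto APIs. The following is an added example, not code from the original page, using only the standard java.security and javax.crypto packages; the message text, the key sizes and the class and method names (MessageProtection, digest, sign, verify, encrypt, decrypt) are constructed for illustration. It also demonstrates a caveat the page does not spell out: a bare hash sent alongside the message detects accidental corruption, but an active intermediary C can replace both the message and the hash, so on its own a digest does not protect against deliberate modification. A digital signature (or a keyed MAC) binds the digest to a key that C does not hold, and so gives authenticity and validity together.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class MessageProtection {
    // Constructed sample messages (not taken from the page).
    static final byte[] MESSAGE  = "transfer 100 to account B".getBytes(StandardCharsets.UTF_8);
    static final byte[] TAMPERED = "transfer 900 to account C".getBytes(StandardCharsets.UTF_8);

    // Validity via a bare digest: detects accidental corruption only.
    static byte[] digest(byte[] msg) throws GeneralSecurityException {
        return MessageDigest.getInstance("SHA-256").digest(msg);
    }

    // Authenticity + validity: A signs with its private key, B verifies with A's public key.
    static byte[] sign(PrivateKey key, byte[] msg) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(msg);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] msg, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(msg);
        return s.verify(sig);
    }

    // Confidentiality: AES-GCM, which also authenticates the ciphertext.
    // The 12-byte IV must never be reused with the same key.
    static byte[] encrypt(SecretKey key, byte[] iv, byte[] plaintext) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        return c.doFinal(plaintext);
    }

    static byte[] decrypt(SecretKey key, byte[] iv, byte[] ciphertext) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
        return c.doFinal(ciphertext); // throws AEADBadTagException if the ciphertext was altered
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair a = gen.generateKeyPair(); // A's key pair
        KeyPair c = gen.generateKeyPair(); // C's key pair (the intermediary)

        // 1. Digest alone: if C swaps the message and recomputes the digest, B's check still passes.
        byte[] digestSeenByB = digest(TAMPERED);                       // what C forwards
        boolean digestPasses = MessageDigest.isEqual(digestSeenByB, digest(TAMPERED)); // constant-time compare
        System.out.println("digest check passes on replaced message: " + digestPasses); // true

        // 2. Signature: only A's private key produces a signature that verifies under A's public key.
        byte[] sig = sign(a.getPrivate(), MESSAGE);
        System.out.println("genuine message verifies:  " + verify(a.getPublic(), MESSAGE, sig));   // true
        System.out.println("modified message verifies: " + verify(a.getPublic(), TAMPERED, sig));  // false
        byte[] forged = sign(c.getPrivate(), TAMPERED);
        System.out.println("C's forged signature verifies: " + verify(a.getPublic(), TAMPERED, forged)); // false

        // 3. Confidentiality: C sees only ciphertext; B recovers the plaintext with the shared key.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey shared = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        byte[] ct = encrypt(shared, iv, MESSAGE);
        byte[] pt = decrypt(shared, iv, ct);
        System.out.println("decrypted: " + new String(pt, StandardCharsets.UTF_8));
    }
}
```

Run with `javac MessageProtection.java && java MessageProtection`. Two design points worth noting: MessageDigest.isEqual is used instead of Arrays.equals because it compares in constant time, which avoids leaking how many leading bytes matched; and AES-GCM is chosen over an unauthenticated mode so that tampering with the ciphertext is detected on decryption rather than silently producing garbage.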
References
Sun's Java Tutorial includes several useful discussions of security. One covers security in JDK 1.1, another security in JDK 1.2, and a third covers security in JDK 1.4, including the Java Authentication and Authorization Service (JAAS).
A very simple and clear tutorial for the concepts that underlie SSL, including certificates and public/private key encryption, is Netscape's How SSL Works. An excellent tutorial on Kerberos is Brian Tung's The Moron's Guide to Kerberos, Version 1.2.2.
An excellent, but now dated, discussion of Java security can be found in Hughes, M., Hughes, C., Shoffner, M. & Winslow, M. (1997). Java Network Programming. Greenwich, CT: Manning Publications Co. It is written with respect to Java 1.0, but discusses security issues in some depth, including the major encryption standards and algorithms. It also shows in detail how to design and implement the basic security mechanisms that have since been incorporated into subsequent versions of Java. This discussion will be especially helpful to anyone wishing to build alternatives to, or go beyond, Java's inherent mechanisms.