Secure Design Patterns (Java Examples)

This repository collects small, runnable Java examples for six common secure design patterns. Each pattern demonstrates how to weave security controls—such as authentication, authorization, and least privilege—directly into the design rather than bolting them on later. The goal is to provide students with concise reference implementations and practical exercises they can compile and run locally.

Patterns Included

• Secure Factory – Centralizes object creation and validates credentials before instantiating connections.
• Secure Builder Factory – Combines factories and builders so only trusted builders can assemble sensitive objects.
• Secure Strategy Factory – Chooses algorithms (password, token, biometric) at runtime based on caller privileges.
• Secure Chain of Responsibility – Passes requests through a pipeline of validators (logging, authentication, authorization).
• Secure State Machine – Models authentication/authorization as explicit states with guarded transitions.
• Secure Visitor – Adds new operations (guest/admin access checks) to protected content without modifying the content classes.

Repository Layout

Each pattern lives in its own folder with a src directory containing a Main class (or package entry point) and supporting types:

SecureFactory/
SecureBuilderFactory/
SecureStrategyFactory/
SecureChainOfResponsibility/
SecureStateMachine/
SecureVisitor/

How to Run the Examples

All projects are plain Java (no build tools required). From the repository root:

1. Compile the pattern you want to explore into a temporary out directory.
2. Run the entry point listed below.

Example for the Chain of Responsibility sample:

cd SecureChainOfResponsibility
javac -d out $(find src -name "*.java")
java -cp out Main

Entry points by pattern:

• SecureFactory: java -cp out org.secureFactoryExample.client.SecureFactoryExample
• SecureBuilderFactory: java -cp out Main
• SecureStrategyFactory: java -cp out Main
• SecureChainOfResponsibility: java -cp out Main
• SecureStateMachine: java -cp out Main
• SecureVisitor: java -cp out Main

Tip: delete or reuse the out directory between runs to recompile with fresh changes.

Learning Objectives

• See how security checks live alongside business logic in each pattern.
• Understand the roles and responsibilities of interfaces, abstract classes, and concrete implementations.
• Practice extending the examples (e.g., adding a new credential type or visitor) while keeping security invariants intact.

Each pattern README contains a deeper explanation, walkthrough, and security considerations to guide experimentation. Have fun exploring!