Is it possible to prevent Java from swapping out certain objects?
This would be relevent if I cache a password inside a client Application for subsequent logins into a remote Service or for decrypting data from the local disk.
Unless the user does not encrypt his swap space, the password would appear as clear text in the swap space.
I googled around a while. I was suprised to find noting releated so far.
You can't; It's operating system who decides which pages are swapped out, not application.
Even if you could, the user can suspend his system, thus dumping all his memory to disk!
Swap memory management is Operating System stuff, I think there's nothing you can do from userland. You should understand that if you could do such kind of things It would violate the privilege separation between different processes.
Anyway, local security is a difficult matter as you've pointed but the good news is that you shouldn't care so much about local security. If you're so worried about it, you should worry about the security model you're using...
There are ways in some operating systems to stop processes from swapping. But you really shouldn not store passwords for a longer time in memory. It's just not safe.