8.2 Permission-Based Security Fundamentals

Before we launch into a detailed discussion of the MX4J security design, we'll quickly review the fundamental concepts behind Java's permission-based access control mechanism.

8.2.1 Permissions

In the Java 2 security model a permission is the authority to access a particular resource or to perform a particular operation. The class java.security.Permission and its subclasses represent permissions at runtime. For example, in the statement

 FilePermission fp = new FilePermission("/etc/passwd", "read, write");

fp represents permission to read and write the /etc/passwd file. In the statement

 RuntimePermission rp = new RuntimePermission("exitVM");

rp represents permission to shut down the JVM.

FilePermission and RuntimePermission are part of the standard set of J2SE permissions. MX4J defines its own permissions to control access to JMX-based resources and operations.

8.2.2 SecurityManager

The Java SecurityManager class is responsible for enforcing security policy. It does so by determining whether or not the class making a given request has the necessary permission. In code these checks generally take the following form:

 SecurityManager sm = System.getSecurityManager();
 if (sm != null) {
     sm.checkPermission(new <RequiredPermission>(target, action));
 }

If the call to checkPermission() succeeds, execution continues normally; otherwise a SecurityException is thrown. The checkPermission() method succeeds if the permissions associated with the class calling it either contain or imply the permission that is passed to it as a parameter; that is, in the preceding example, checkPermission() succeeds if the class calling it has been granted RequiredPermission(target, action).
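The following program, added here as an illustration and not taken from the book or from MX4J, puts the two preceding sections together: it defines a hypothetical AgentPermission (a BasicPermission subclass standing in for the MX4J-specific permissions the chapter introduces), guards an operation with the checkPermission() pattern shown above, and exercises the "contain or imply" rule with Permission.implies(). The class names, the "agent.shutdown" permission name and the POSIX file paths are assumptions made for the example.

```java
import java.io.FilePermission;
import java.security.BasicPermission;
import java.security.Permission;

// Hypothetical permission guarding a management operation, in the spirit of the
// MX4J-specific permissions discussed in this chapter (this class is an
// assumption for illustration, not part of MX4J). BasicPermission provides a
// named permission with no actions and hierarchical wildcard matching ("agent.*").
final class AgentPermission extends BasicPermission {
    AgentPermission(String name) {
        super(name);
    }
}

// A resource whose sensitive operation is protected by the check pattern
// described above: consult the installed SecurityManager, if any, before acting.
final class Agent {
    void shutdown() {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            // Throws SecurityException unless the caller holds
            // AgentPermission("agent.shutdown") or a permission that implies it.
            sm.checkPermission(new AgentPermission("agent.shutdown"));
        }
        System.out.println("agent shutting down");
    }
}

public class PermissionDemo {
    // "Contain or imply": a permission over the whole /etc subtree ("/etc/-")
    // implies read access to one file in it, while the single-file, read-only
    // permission does not imply the broader one.
    static boolean subtreeImpliesFile() {
        Permission etcTree = new FilePermission("/etc/-", "read,write");
        Permission passwd = new FilePermission("/etc/passwd", "read");
        return etcTree.implies(passwd) && !passwd.implies(etcTree);
    }

    // Wildcard matching on the custom permission: "agent.*" implies
    // "agent.shutdown", but not the other way round.
    static boolean wildcardImpliesOperation() {
        Permission anyAgentOp = new AgentPermission("agent.*");
        Permission shutdownOnly = new AgentPermission("agent.shutdown");
        return anyAgentOp.implies(shutdownOnly) && !shutdownOnly.implies(anyAgentOp);
    }

    public static void main(String[] args) {
        System.out.println("subtree implies file: " + subtreeImpliesFile());
        System.out.println("wildcard implies operation: " + wildcardImpliesOperation());
        // With no SecurityManager installed (the JDK default), the check in
        // shutdown() is skipped and the call succeeds unconditionally.
        new Agent().shutdown();
    }
}
```

Both helper methods return true. Run the file as-is (for example with `java PermissionDemo.java` on JDK 11 or later) and shutdown() succeeds because no SecurityManager is installed; start the JVM with -Djava.security.manager (on JDK 18 to 23, -Djava.security.manager=allow) and a policy that does not grant AgentPermission, and shutdown() throws a SecurityException instead. Note that the SecurityManager was deprecated for removal in JDK 17 (JEP 411) and permanently disabled in JDK 24 (JEP 486), so the enforcement described in this section is only available on older JDKs.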

8.2.3 Policy

Permissions are granted to classes via Java's policy mechanism. By default, policy is specified by statements in a simple policy language. For example, the policy "any class signed by Root may read and write /etc/passwd" is specified by the following statement:

 grant signedBy "Root" {
     java.io.FilePermission "/etc/passwd", "read,write";
 };

Permissions may be granted to code signed by a specific signer, as just illustrated, or to code loaded from a specific URL, as here:

 grant codeBase "file:/opt/java/mx4j.jar" {
     java.util.PropertyPermission "java.home", "read";
 };

This statement allows code loaded from /opt/java/mx4j.jar to read the java.home system property.

A concrete extension of the abstract class java.security.Policy is responsible for reading policy statements and mapping from a class's code source and signer attributes to the corresponding permissions at runtime.
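As an added illustration of the mapping a Policy implementation performs (example code written for this section, not the JDK's default implementation and not MX4J's), the toy Policy subclass below hard-codes the two grants from the policy statements above instead of parsing a policy file, and is then queried with ProtectionDomains built from different code sources. The class names ToyPolicy and PolicyDemo, the exact-URL matching of the codeBase, the injected signer certificate in place of a keystore alias lookup, and the file:/tmp/other.jar location are all assumptions made for the example.

```java
import java.io.FilePermission;
import java.net.URI;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.PropertyPermission;

// Toy Policy (added illustration, not the JDK's or MX4J's code). It maps a
// code source (location URL plus signer certificates) to a permission set,
// which is exactly the job the default, policy-file-driven Policy performs.
final class ToyPolicy extends Policy {
    private final Certificate rootSigner; // certificate behind the "Root" alias; may be null

    ToyPolicy(Certificate rootSigner) {
        this.rootSigner = rootSigner;
    }

    @Override
    public PermissionCollection getPermissions(CodeSource cs) {
        Permissions perms = new Permissions();
        if (cs == null) {
            return perms; // no code source, no grants
        }
        // grant codeBase "file:/opt/java/mx4j.jar" { PropertyPermission "java.home", "read"; }
        // Exact URL match for simplicity; the real implementation also honours
        // directory and subtree forms such as "file:/opt/java/-".
        if (cs.getLocation() != null
                && "file:/opt/java/mx4j.jar".equals(cs.getLocation().toExternalForm())) {
            perms.add(new PropertyPermission("java.home", "read"));
        }
        // grant signedBy "Root" { FilePermission "/etc/passwd", "read,write"; }
        // The real implementation resolves the alias through the policy's
        // keystore; here the certificate is injected directly (assumption).
        Certificate[] signers = cs.getCertificates();
        if (rootSigner != null && signers != null && Arrays.asList(signers).contains(rootSigner)) {
            perms.add(new FilePermission("/etc/passwd", "read,write"));
        }
        return perms;
    }

    @Override
    public boolean implies(ProtectionDomain pd, Permission p) {
        return getPermissions(pd.getCodeSource()).implies(p);
    }
}

public class PolicyDemo {
    // Build an unsigned protection domain for code loaded from the given URL.
    static ProtectionDomain domainFor(String location) throws Exception {
        CodeSource cs = new CodeSource(URI.create(location).toURL(), new Certificate[0]);
        return new ProtectionDomain(cs, null); // null: no static permissions
    }

    // The codeBase grant matches mx4j.jar, so reading java.home is permitted.
    static boolean mx4jMayReadJavaHome() throws Exception {
        return new ToyPolicy(null).implies(domainFor("file:/opt/java/mx4j.jar"),
                new PropertyPermission("java.home", "read"));
    }

    // Same permission, but the code source matches no grant.
    static boolean otherJarMayReadJavaHome() throws Exception {
        return new ToyPolicy(null).implies(domainFor("file:/tmp/other.jar"),
                new PropertyPermission("java.home", "read"));
    }

    // Matching code source, but the "write" action was never granted.
    static boolean mx4jMayWriteJavaHome() throws Exception {
        return new ToyPolicy(null).implies(domainFor("file:/opt/java/mx4j.jar"),
                new PropertyPermission("java.home", "write"));
    }

    public static void main(String[] args) throws Exception {
        System.out.println("mx4j.jar may read java.home:  " + mx4jMayReadJavaHome());
        System.out.println("other.jar may read java.home: " + otherJarMayReadJavaHome());
        System.out.println("mx4j.jar may write java.home: " + mx4jMayWriteJavaHome());
    }
}
```

Only the first query returns true: the other two fail on the code source and on the action respectively, which is the same least-privilege behaviour the policy language expresses. A policy like this could be installed with Policy.setPolicy() before a SecurityManager is set, but note that java.security.Policy is deprecated for removal alongside the SecurityManager from JDK 17 onwards.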

In this section we have identified only the principal aspects of the Java 2 security architecture. For a detailed treatment of the topic, see Li Gong's book Inside Java 2 Platform Security: Architecture, API Design, and Implementation (Addison-Wesley, 1999).



Java™ and JMX: Building Manageable Systems
ISBN: 0672324083
Year: 2000
Pages: 115