8
Developing Secure J2SE Applications

This chapter describes how to develop secure Java2 Platform, Standard Edition (J2SE) applications using the Oracle9iAS Containers for J2EE (OC4J) JAAS Provider.

This chapter contains these topics:

• Developing Secure J2SE Applications Overview

• Authentication in the J2SE Environment

• Authorization in the J2SE Environment

• Testing and Executing an Application

• Sample J2SE Application

  Note: This chapter assumes that you have followed the management instructions in Chapter 8, "Developing Secure J2SE Applications".

Developing Secure J2SE Applications Overview

J2SE application developers develop, deploy, and manage Java applications on local desktops or servers. Using the JAAS provider enables developers to make these applications secure.

After the creation of realms and related components described in Chapter 6, "Integrating the JAAS Provider with Java2 Applications", the JAAS provider can be integrated into J2SE applications to provide the following services:

• Authentication in the J2SE Environment

• Authorization in the J2SE Environment

  See Also: "JAAS Provider Integration in J2SE Application Environments" "Sample J2SE Application" for a J2SE application demonstration

Authentication in the J2SE Environment

Authentication is the process of verifying the identity of a user in a computing system, often as a prerequisite to granting access to resources in a system. User authentication in the J2SE environment is performed with the following:

• A JAAS LoginContext class

• A JAAS Provider RealmLoginModule class or another login module that can be configured as the default login module

• A callback handler that you must create, following the JAAS model in javax.security.auth.callback

The constructor for the LoginContext class requires the name of the client login and a new instance of a callback handler, an object you must implement. The callback handlers, which are described in JAAS documentation, are required by the login module to communicate with users.

The user of the computing service is the Subject. The Subject is passed to the LoginContext class. The LoginContext.login() method compares the Subject to configuration settings in the JAAS Provider RealmLoginModule or other login module. If login() is successful, the login module associates the Principal (a specific identity) and credentials with the Subject.

This authenticates the Subject, which can then be retrieved by invoking LoginContext.getSubject in the authorization process.

See Also: JAAS documentation at the following Web site for more information about authentication, login modules, and callback handlers: http://java.sun.com/products/jaas/

Authorization in the J2SE Environment

Once a user is successfully authenticated, the authorization policy is enforced upon the user. Authorization is achieved through the following methods and interface based on the Java2 and JAAS Security Model:

• javax.security.auth.Subject.doAs() method in the client

• java.lang.SecurityManager.checkPermission method in the server

• The PrivilegedAction interface of java.security in the application

Subject.doAs

After retrieving the authenticated Subject from the LoginContext, the client invokes Subject.doAs with the application as a parameter. The application starts, which activates security checking in the server. An AccessControlException is thrown if security checking fails.

SecurityManager.checkPermission

Security checking in J2SE applications requires the use of the JDK 1.3 or greater java.lang.SecurityManager in the server.

The security manager determines whether to permit operations. The classes in Java packages cooperate with the security manager by asking the application's security manager for permission to perform certain operations. Each Java application can have its own security manager object that acts as a full-time security guard.

The SecurityManager.checkPermission method performs security checking.

PrivilegedAction

The application must implement the interface PrivilegedAction.

See Also: Java security architecture at the following Web site: http://java.sun.com/j2se/1.3/docs/guide/security/

Testing and Executing an Application

In order to test or execute the application, you must start the SecurityManager at the command line and, if using a login module to start an application, call it.

This is the first real test of the JAAS provider.

Note: The security manager is automatically started in JAAS provider-based J2EE applications.

Starting With RealmLoginModule

To start the application using the RealmLoginModule:

1. Go to the computer on which the J2SE application is installed.

2. Start the security manager and test the application at the command prompt:

   java -Djava.security.manager -Djava.security.policy=java2.policy
   -Djava.security.auth.policy=jazn.xml
   -Djava.security.auth.login.config=jaas.config MyApp
   
   

   where the client, MyApp, calls your application. The jazn.xml file is the property file that identifies the provider type you are using (Oracle Internet Directory or XML-Based Provider Type). The jaas.config file indicates that RealmLoginModule is required for authentication.

   This command can be used with the sample code shown in "Sample J2SE Application".

Start Without Using RealmLoginModule

It is possible to start J2SE applications without using authentication and the RealmLoginModule or any login module, but that is not the preferred method. To do so and use the sample code provided in this chapter, you need to modify the MyApp code in Example 8-1, "Client Login Code" so that it does not require the objects described in "Authentication in the J2SE Environment".

After you have modified the MyApp code, you can start it.

To start the application without using the RealmLoginModule:

1. Go to the computer that the J2SE application is installed on.

2. Start the security manager and execute the application at the command prompt:

   For example, to test a sample application, enter:

   java -Djava.security.manager -Djava.security.policy=java2.policy 
   -Djava.security.auth.policy=jazn.xml MyApp
   
   

   where the client, MyApp, calls your application. The type of JAAS provider you are using (LDAP-based or XML-based) is identified in the jazn.xml file.

Sample J2SE Application

This section shows a sample client login, MyApp, and a brief test application using the JAAS provider in a J2SE environment.

Table 8-1 Sample Client Login Code

Objects	Names	Comments
CallbackHandler	myCallbackHandler	myCallbackHandler is a callback handler that you must implement.
sample application	AccessTest1	AccessTest1 is the application that the user wants to start. The code for AccessTest1 is show in Example 8-2.
sample external realm	abcRealm	abcRealm was created in Example 7-1.
client user	Jane.Smith or unknown	The client user added in Example 7-1. Since Jane.Smith is the only user added; that is, the only name returned to Principal p.

The following is executed using the commands described in "Testing and Executing an Application".

Example 8-1 Client Login Code

MyApp Code

import java.io.*;
import java.util.*;
import java.security.Principal;
import javax.security.auth.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.*;
import com.sun.security.auth.*;

import oracle.security.jazn.*;
import oracle.security.jazn.realm.*;

public class MyApp {

    public static void main(String[] args) {

	LoginContext lc = null;
	try {
	    // you must create a CallbackHandler class 		
    lc = new LoginContext("MyApp", new myCallbackHandler());
    	} catch (LoginException le) {
	    le.printStackTrace();
	    System.exit(-1);
	} 

	try {
	    // attempt authentication
	    lc.login();	    
	} catch (AccountExpiredException aee) {	   
	    System.out.println("Your account has expired.  " +
			       "Please notify your administrator.");
	    System.exit(-1);	   

 // other exceptions
 //CredentialExpiredException
	 // FailedLoginException 
	}

	// checking what Principals the user has
	Iterator principalIterator = lc.getSubject().getPrincipals().iterator();
	System.out.println("Authenticated user has the following Principals:");
	while (principalIterator.hasNext()) {
	    Principal p = (Principal)principalIterator.next();
	    System.out.println("\t" + p.toString());
	}
	
	System.out.println("User has " +
			   lc.getSubject().getPublicCredentials().size() +
			   " Public Credential(s)");
	
	// now try to execute the sample application as the authenticated Subject
	Subject.doAs(lc.getSubject(), new AccessTest1());

	System.exit(0);
    }

}

Sample J2SE Application Code

This is the sample application that is executed when a successfully authenticated principal runs MyApp.

Table 8-2 Objects in Sample Application Code

Objects	Names
file	report.data

Example 8-2 Sample Application Code

import java.lang.*;
import java.security.*;
import java.io.*;

public class AccessTest1 implements PrivilegedAction {

    public Object run() {

        File f = new File("report.data");

        // Security checking is invoked
        if (f.exists()) {
            System.out.println("*** report.data accessed ***");
        }
        return null;
    }
}

Discussion of the J2SE Sample Client Login and Application Code

In the MyApp client, once the authentication process is completed, Subject.doAs starts the sample application AccessTest1.

AccessTest1 starts and requests to read the report.data file. This request invokes security checking in the server, which determines if the user has permission on AccessTest1 to read the report.data file.

Permission has been granted previously to Jane.Smith in Example 7-1. If Jane.Smith is the user logging in, AccessTest1 runs.

If the user is not Jane.Smith, the authorization fails because no other users have been granted this permission.