Oracle9iAS Containers for J2EE Services Guide Release 2 (9.0.2) Part Number A95879-01 |
|
This chapter describes how to develop secure Java2 Platform, Standard Edition (J2SE) applications using the Oracle9iAS Containers for J2EE (OC4J) JAAS Provider.
This chapter contains these topics:
This chapter assumes that you have followed the management instructions in Chapter 8, "Developing Secure J2SE Applications".
Note:
J2SE application developers develop, deploy, and manage Java applications on local desktops or servers. Using the JAAS provider enables developers to make these applications secure.
After the creation of realms and related components described in Chapter 6, "Integrating the JAAS Provider with Java2 Applications", the JAAS provider can be integrated into J2SE applications to provide the following services:
See Also:
Authentication is the process of verifying the identity of a user in a computing system, often as a prerequisite to granting access to resources in a system. User authentication in the J2SE environment is performed with the following:
LoginContext
class
RealmLoginModule
class or another login module that can be configured as the default login module
javax.security.auth.callback
The constructor for the LoginContext
class requires the name of the client login and a new instance of a callback handler, an object you must implement. The callback handlers, which are described in JAAS documentation, are required by the login module to communicate with users.
The user of the computing service is the Subject
. The Subject
is passed to the LoginContext
class. The LoginContext.login()
method compares the Subject
to configuration settings in the JAAS Provider RealmLoginModule
or other login module. If login()
is successful, the login module associates the Principal
(a specific identity) and credentials with the Subject
.
This authenticates the Subject
, which can then be retrieved by invoking LoginContext.getSubject
in the authorization process.
Once a user is successfully authenticated, the authorization policy is enforced upon the user. Authorization is achieved through the following methods and interface based on the Java2 and JAAS Security Model:
javax.security.auth.Subject.doAs()
method in the client
java.lang.SecurityManager.checkPermission
method in the server
PrivilegedAction
interface of java.security
in the application
After retrieving the authenticated Subject
from the LoginContext
, the client invokes Subject.doAs
with the application as a parameter. The application starts, which activates security checking in the server. An AccessControlException
is thrown if security checking fails.
Security checking in J2SE applications requires the use of the JDK 1.3 or greater java.lang.SecurityManager
in the server.
The security manager determines whether to permit operations. The classes in Java packages cooperate with the security manager by asking the application's security manager for permission to perform certain operations. Each Java application can have its own security manager object that acts as a full-time security guard.
The SecurityManager.checkPermission
method performs security checking.
The application must implement the interface PrivilegedAction
.
In order to test or execute the application, you must start the SecurityManager
at the command line and, if using a login module to start an application, call it.
This is the first real test of the JAAS provider.
java -Djava.security.manager -Djava.security.policy=java2.policy -Djava.security.auth.policy=jazn.xml -Djava.security.auth.login.config=jaas.config MyApp
where the client, MyApp
, calls your application. The jazn.xml
file is the property file that identifies the provider type you are using (Oracle Internet Directory or XML-Based Provider Type). The jaas.config
file indicates that RealmLoginModule
is required for authentication.
This command can be used with the sample code shown in "Sample J2SE Application".
It is possible to start J2SE applications without using authentication and the RealmLoginModule
or any login module, but that is not the preferred method. To do so and use the sample code provided in this chapter, you need to modify the MyApp
code in Example 8-1, "Client Login Code" so that it does not require the objects described in "Authentication in the J2SE Environment".
After you have modified the MyApp
code, you can start it.
For example, to test a sample application, enter:
java -Djava.security.manager -Djava.security.policy=java2.policy -Djava.security.auth.policy=jazn.xml MyApp
where the client, MyApp
, calls your application. The type of JAAS provider you are using (LDAP-based or XML-based) is identified in the jazn.xml
file.
This section shows a sample client login, MyApp
, and a brief test application using the JAAS provider in a J2SE environment.
Objects | Names | Comments |
---|---|---|
CallbackHandler |
|
|
sample application |
|
|
sample external realm |
|
|
client user |
|
The client user added in Example 7-1. Since |
The following is executed using the commands described in "Testing and Executing an Application".
import java.io.*; import java.util.*; import java.security.Principal; import javax.security.auth.*; import javax.security.auth.callback.*; import javax.security.auth.login.*; import javax.security.auth.spi.*; import com.sun.security.auth.*; import oracle.security.jazn.*; import oracle.security.jazn.realm.*; public class MyApp { public static void main(String[] args) { LoginContext lc = null; try { // you must create a CallbackHandler class lc = new LoginContext("MyApp", new myCallbackHandler()); } catch (LoginException le) { le.printStackTrace(); System.exit(-1); } try { // attempt authentication lc.login(); } catch (AccountExpiredException aee) { System.out.println("Your account has expired. " + "Please notify your administrator."); System.exit(-1); // other exceptions //CredentialExpiredException // FailedLoginException } // checking what Principals the user has Iterator principalIterator = lc.getSubject().getPrincipals().iterator(); System.out.println("Authenticated user has the following Principals:"); while (principalIterator.hasNext()) { Principal p = (Principal)principalIterator.next(); System.out.println("\t" + p.toString()); } System.out.println("User has " + lc.getSubject().getPublicCredentials().size() + " Public Credential(s)"); // now try to execute the sample application as the authenticated Subject Subject.doAs(lc.getSubject(), new AccessTest1()); System.exit(0); }
}
This is the sample application that is executed when a successfully authenticated principal runs MyApp
.
Objects | Names |
---|---|
file |
|
import java.lang.*; import java.security.*; import java.io.*; public class AccessTest1 implements PrivilegedAction { public Object run() { File f = new File("report.data"); // Security checking is invoked if (f.exists()) { System.out.println("*** report.data accessed ***"); } return null; } }
In the MyApp
client, once the authentication process is completed, Subject.doAs
starts the sample application AccessTest1
.
AccessTest1
starts and requests to read the report.data
file. This request invokes security checking in the server, which determines if the user has permission on AccessTest1
to read the report.data
file.
Permission has been granted previously to Jane.Smith
in Example 7-1. If Jane.Smith
is the user logging in, AccessTest1
runs.
If the user is not Jane.Smith
, the authorization fails because no other users have been granted this permission.
|
Copyright © 2002 Oracle Corporation. All Rights Reserved. |
|