    Options for implementing authorization using JAAS: Presentation Transcript

    • Options for implementing authorization using JAAS. Peter Marcinčák, VSL Software, a.s., Lomená 8, 040 01 Košice, marcincak@vsl.sk
    • Why JAAS?
      - Authorization in the applications being developed: how to standardize the solution to one of the basic problems in applications
      - Customization of third-party products: how to adapt the authorization built into third-party products to the needs of a specific project/customer
    • Java and security
      - 1.1 trusted code, "Sandbox Model"
      - security model focused on protecting users based on
        • where the code originated
        • who created it
    • Java and security
      - JAAS - Java Authentication and Authorization Service
      - new framework - J2SE 1.3 (J2SE 1.4)
      - who or what runs the program
      - Permission, LoginContext, Policy, LoginModule, AccessController, CallbackHandler, Subject, Principal
    • JAAS – basic principles: javax.security.auth.Subject
      - the source of a request
      - any entity, such as a person or a service
      - Represents a grouping of related information for a single entity. Such information includes the Subject's identities as well as its security-related attributes (passwords and cryptographic keys, for example). Subjects may potentially have multiple identities. Each identity is represented as a Principal within the Subject.
      Subject
        Set<Principal> getPrincipals()
        Set<Object> getPrivateCredentials()
        Set<Object> getPublicCredentials()
      Principals: java.security.Principal
        String getName()
        javax.security.auth.kerberos.KerberosPrincipal
        javax.security.auth.x500.X500Principal
      Credentials
    • JAAS – basic principles: java.security.Permission
      - abstract - permission (sub)classes represent access to system resources
        new java.io.FilePermission("/tmp/abc", "read")
        String getName()
        String getActions()
        boolean implies(Permission permission)
      Examples:
        new FilePermission("myfile", "read,write");
        new FilePermission("/tmp/mytmp", "read,delete");
        new FilePermission("/bin/*", "execute");
        new FilePermission("*", "read");
        new FilePermission("/-", "read,execute");
        new FilePermission("<<ALL FILES>>", "read");
    • JAAS – basic principles: java.net.SocketPermission
        new SocketPermission("java.sun.com","accept");
        new SocketPermission("204.160.241.99","accept");
        new SocketPermission("*.com","connect");
        new SocketPermission("*.sun.com:80","accept");
        new SocketPermission("*.sun.com:-1023","accept");
        new SocketPermission("*.sun.com:1024-","connect");
        new SocketPermission("java.sun.com:8000-9000", "connect,accept");
        new SocketPermission("localhost:1024-", "accept,connect,listen");
      java.util.PropertyPermission: a.b.* "read,write"
      javax.security.auth.AuthPermission: doAs, doAsPrivileged, modifyPrincipals, modifyPublicCredentials, modifyPrivateCredentials, ...
      java.lang.RuntimePermission: createClassLoader, exitVM, modifyThread, stopThread, loadLibrary.{library name}, accessClassInPackage.{package name}, defineClassInPackage.{package name}, ..., accessDeclaredMembers.{class name}, ...
      java.security.AllPermission
    • JAAS – basic principles: java.security.AccessController
        static void checkPermission(Permission p) throws AccessControlException
        static AccessControlContext getContext()
      Example:
        AccessController.checkPermission(new FilePermission("/tmp/abc", "read"));
      java.security.AccessControlContext
        void checkPermission(Permission p) throws AccessControlException
      Example:
        AccessControlContext acc = AccessController.getContext();
        ...
        acc.checkPermission(new FilePermission("/tmp/abc", "read"));
    • JAAS – basic principles: javax.security.auth.Subject
        static Object doAs(Subject subject, PrivilegedAction a)
      Example:
        boolean result = (Boolean) javax.security.auth.Subject.doAs(subject,
            new java.security.PrivilegedAction<Boolean>() {
                public Boolean run() {
                    // ... some code that checks permissions (directly or indirectly)
                    java.security.AccessController.checkPermission(permission);
                    // ...
                    return true;
                }
            });
    • JAAS – basic principles: java.security.Policy
        boolean implies(ProtectionDomain domain, Permission permission)
        void refresh()
        static Policy getPolicy()
        static void setPolicy(Policy policy)
      -Dpolicy.provider=sun.security.provider.PolicyFile
        grant codeBase "file:${{java.ext.dirs}}/*" {
            permission java.security.AllPermission;
        };
        grant {
            permission java.net.SocketPermission "localhost:1024-", "listen";
        };
    • JAAS – basic principles
      Permission(s)
      - describe which action we want to perform (or grant) and on which object(s)
      - their design and semantics are entirely in the developer's hands, according to the needs of the application
      AccessController
      - final class, essentially the only one an ordinary programmer comes into contact with
      - makes it possible to check whether the subject (or code) about to perform an action holds the required permission
      Policy
      - object representing the (replaceable) policy that AccessController uses when deciding whether a subject (code) holds a given permission
      Subject
      - object representing the entity that executes the code
      - the subject's identity is represented by a set of Principals
      - static methods allow the Subject to be placed on the thread's auth context so that it is taken into account in subsequent permission evaluation
    • Apache Jetspeed portal https://portal.demo.vsl.sk/portal/
    • Apache Jetspeed – security
      [Diagram labels: RdbmsPolicy, Policy, FolderPermission, PagePermission, FragmentPermission, PortletPermission, DefaultLoginModule, LoginContext, AccessController, Subject, Sources, UserPrincipal, RolePrincipal]
      Example check:
        AccessController.checkPermission(new PagePermission("/admin/uvod.psml", "read"));
    • Custom principals
      [UML class diagram: interface Principal with transient attributes id: int and expires: NTimestamp(0), extended by the interfaces UserPrincipal, RolePrincipal, JobPositionPrincipal, OrgUnitPrincipal and EmployeePrincipal; their transient attributes include login, description, unitType, personalId, givenName, familyName, professionName, level, honoricPrefix and honoricSuffix]
    • PrincipalProvider
        public interface PrincipalProvider {
            // look up all principals for the given login
            public Set<Principal> resolvePrincipals(String login);
            // reload all data from the DB that is needed
            // for looking up principals
            public void reloadCache() throws Exception;
        }
    • CompositePrincipalProvider
        public class CompositePrincipalProvider implements PrincipalProvider {
            private List<PrincipalResolver> resolvers; // registered resolvers
            public Set<Principal> resolvePrincipals(String login) {
                CommitableResolvingContext context = new CommitableResolvingContext(login);
                for (PrincipalResolver resolver : resolvers) {
                    try {
                        resolver.resolvePrincipals(context);
                        context.commit();
                    } catch (Exception e) {
                        log.error(...);
                    } finally {
                        context.rollback();
                    }
                }
                return context.getCommited();
            }
        }
        public interface PrincipalResolver {
            public void resolvePrincipals(ResolvingContext principals) throws Exception;
        }
        public interface ResolvingContext {
            public String getLogin();
            public Timestamp getTimestamp();
            public Iterable<Principal> getPrincipals();
            public boolean add(Principal principal);
        }
    • Data for the PrincipalResolvers
      [Data model diagram: SOUser (id, login, givenName, familyName, honoricPrefix, honoricSuffix, email, phone, active, externalId, validFrom, validTo, lastModifBy, lastModif); SORole (id, name, description); SOPrincipal (id); SORoleAssignment (id, roleId, principalId) linking a role and a principal; entities carry validFrom, validTo, lastModifBy and lastModif]
    • Data for the PrincipalResolvers
      [Data model diagram: SOOrgItem (id, classId, notes, validFrom, validTo, lastModifBy, lastModif); SOOrgItemsAssoc (id, assocTypeName, masterItemId, subItemId, notes, validFrom, validTo, lastModifBy, lastModif) linking a master item to its sub-items; persistent generalizations SOEmployee (personalId, givenName, familyName, honoricPrefix, honoricSuffix, title, login), SOJobPosition (professionName, name, description) and SOOrgUnit (unitTypeName, name, description)]
    • Demo portal https://portal.demo.vsl.sk/portal/ SubjectPortlet demonstration
    • Apache Jetspeed – security
      [Diagram labels: RdbmsPolicy, Policy, FolderPermission, PagePermission, FragmentPermission, PortletPermission, DefaultLoginModule, LoginContext, Principal Provider, AccessController, Subject, Sources; principals: UserPrincipal, RolePrincipal, UserPrincipal, EmployeePrincipal, OrgUnitPrincipal, ...]
      Example check:
        AccessController.checkPermission(new PagePermission("/admin/uvod.psml", "read"));
    • CompositePolicy
        public class CompositePolicy extends java.security.Policy implements Policy {
            private java.security.Policy parent;        // optional "parent" policy
            private List<PermissionResolver> resolvers; // registered resolvers
            @Override
            public boolean implies(ProtectionDomain domain, java.security.Permission permission) {
                Iterable<Principal> principals = new PrincipalArrayFilter(domain.getPrincipals());
                for (PermissionResolver resolver : resolvers) {
                    if (resolver.implies(principals, permission))
                        return true;
                }
                if (parent == null || permission instanceof sk.vsl.security.auth.api.Permission<?>)
                    return false;
                return parent.implies(domain, permission);
            }
        }
        public interface PermissionResolver {
            public boolean implies(Iterable<Principal> principals, java.security.Permission permission);
        }
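A resolver of the kind CompositePolicy iterates over, as an added example that is not part of the original slides or the VSL code base: grants are held per principal in a standard PermissionCollection and evaluated directly, without going through AccessController. MapPermissionResolver, the RolePrincipal record and keying the map by principal name are assumptions made for illustration; PermissionResolver is redeclared from the slide.

```java
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Principal;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.PropertyPermission;

public class ResolverDemo {
    // Redeclared from the slide so the example compiles on its own.
    interface PermissionResolver {
        boolean implies(Iterable<Principal> principals, Permission permission);
    }

    // Hypothetical stand-in for the project's RolePrincipal interface.
    record RolePrincipal(String name) implements Principal {
        @Override public String getName() { return name; }
    }

    // Hypothetical resolver: grants are held per principal name in a PermissionCollection.
    static class MapPermissionResolver implements PermissionResolver {
        private final Map<String, PermissionCollection> grants = new HashMap<>();
        void grant(Principal principal, Permission permission) {
            grants.computeIfAbsent(principal.getName(), k -> new Permissions()).add(permission);
        }

        @Override
        public boolean implies(Iterable<Principal> principals, Permission permission) {
            for (Principal p : principals) {
                PermissionCollection granted = grants.get(p.getName());
                // Default deny: a principal with no grants implies nothing.
                if (granted != null && granted.implies(permission)) return true;
            }
            return false;
        }
    }

    public static void main(String[] args) {
        MapPermissionResolver resolver = new MapPermissionResolver();
        resolver.grant(new RolePrincipal("admin"), new PropertyPermission("a.b.*", "read,write"));
        resolver.grant(new RolePrincipal("guest"), new PropertyPermission("a.b.*", "read"));
        Permission write = new PropertyPermission("a.b.c", "write"); // constructed request
        List<Principal> guest = List.of(new RolePrincipal("guest"));
        List<Principal> both = List.of(new RolePrincipal("guest"), new RolePrincipal("admin"));
        System.out.println("guest may write a.b.c: " + resolver.implies(guest, write));
        System.out.println("guest+admin may write a.b.c: " + resolver.implies(both, write));
    }
}
```

A production resolver would key grants on principal type and id rather than on the name alone, so that two principal types sharing a name cannot inherit each other's grants.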
    • Demo portal https://portal.demo.vsl.sk/portal/ Demonstration of setting permissions for different types of principals
    • Apache Jetspeed – security
      [Diagram labels: CompositePolicy, RdbmsPolicy, Policy, FolderPermission, PagePermission, FragmentPermission, PortletPermission, DefaultLoginModule, LoginContext, Principal Provider, AccessController, Subject, Sources; principals: UserPrincipal, RolePrincipal, UserPrincipal, EmployeePrincipal, OrgUnitPrincipal, ...]
      Example check:
        AccessController.checkPermission(new PagePermission("/admin/uvod.psml", "read"));
    • ContactPermission
        new ContactPermission("/VSL/Oddelenie sys. podpory/Surovy Tomas", Action.Read)
        new ContactPermission("/VSL/Oddelenie sys. podpory/*", Action.Read)
        new ContactPermission("/VSL/**", Action.Read)
        new ContactPermission("/VSL/**[f.public]", Action.Read)
        new ContactPermission("/VSL/**[f.public,f.protected]", Action.Read)
        new ContactPermission("/VSL/**[c.*,f.public,f.protected]", Action.Read)
      - there are no limits when designing the semantics of permissions
      - the target can be a simple string, a regexp, various masks, but also complicated rules and the like
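One way such a hierarchical target could be evaluated in implies(), as an added example rather than the project's ContactPermission. PathPermission, its Action enum, the sample targets and the wildcard semantics ("*" matches exactly one segment, "**" matches one or more trailing segments) are assumptions, and the bracketed filters are left out.

```java
import java.security.Permission;
import java.util.Objects;

// Hypothetical permission class, not the project's ContactPermission.
public final class PathPermission extends Permission {
    public enum Action { Read, Write }
    private final String[] segments;
    private final Action action;

    public PathPermission(String target, Action action) {
        super(target);
        if (!target.startsWith("/")) throw new IllegalArgumentException("target must start with /");
        this.segments = target.substring(1).split("/", -1);
        for (String s : segments)
            if (s.isEmpty()) throw new IllegalArgumentException("empty path segment");
        this.action = Objects.requireNonNull(action);
    }

    // Assumed semantics: "*" = exactly one segment, "**" = one or more trailing segments.
    @Override
    public boolean implies(Permission other) {
        if (!(other instanceof PathPermission that) || action != that.action) return false;
        for (int i = 0; i < segments.length; i++) {
            String mine = segments[i];
            // "**" is honoured only as the last segment; anywhere else the grant matches nothing.
            if (mine.equals("**")) return i == segments.length - 1 && that.segments.length > i;
            if (i >= that.segments.length) return false;
            String theirs = that.segments[i];
            // A requested "**" is broader than any grant except "**" itself.
            if (theirs.equals("**")) return false;
            if (!mine.equals("*") && !mine.equals(theirs)) return false;
        }
        return segments.length == that.segments.length;
    }

    @Override public boolean equals(Object o) {
        return o instanceof PathPermission p && getName().equals(p.getName()) && action == p.action;
    }
    @Override public int hashCode() { return Objects.hash(getName(), action); }
    @Override public String getActions() { return action.name(); }

    public static void main(String[] args) {
        Permission oneLevel = new PathPermission("/VSL/Support/*", Action.Read); // constructed targets
        Permission anyDepth = new PathPermission("/VSL/**", Action.Read);
        Permission request = new PathPermission("/VSL/Support/Example Person", Action.Read);
        System.out.println("one-level grant implies request: " + oneLevel.implies(request));
        System.out.println("any-depth grant implies one-level grant: " + anyDepth.implies(oneLevel));
        System.out.println("one-level grant implies any-depth grant: " + oneLevel.implies(anyDepth));
    }
}
```

The check on a requested "**" is what keeps a one-level grant from implying an any-depth permission when permissions are compared with each other, for instance while deciding what an administrator may delegate.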
    • Demo portal https://portal.demo.vsl.sk/portal/ Demonstration of setting permissions for contacts (including filters and the like)
    • Challenges
      Performance
      - permissions are held in permission collections in "compiled" form
      - lookups in maps keyed by principal id
      - enum actions
      - resolvers know which permission classes they are able to imply
      - memory footprint
      - repeated evaluation of implies for different CodeSources
      API design
      - grant vs. revoke
      - hasPermission vs. checkPermission
      - getPermissions
        public <P extends java.security.Permission> Set<P> getPermissions(Set<Principal> principals, Class<P> clazz);
        public <E extends Enum<E>, P extends Permission<E>> Set<P> getPermissions(Set<Principal> principals, Class<P> clazz, E action);
        public <P extends java.security.Permission> Set<P> getPermissions(Set<Principal> principals, Class<P> c, PermissionFilter<P> filter);
    • Summary
      • standard Java framework
      • simple API for checking permissions
      • flexibility in designing permissions to fit the needs of the application
      • strict separation of permission checking from permission granting
        - this can be used in both directions
      • enormous flexibility in granting permissions, especially when using custom principals and policy
      - minimal support for bulk (pre)selection of data
    • Q&A