JAAS 学习笔记

JAAS

Resource:http://hintcnuie.iteye.com/blog/245239

 

Authentication, Authorization and Access Control
The primary goal of JAAS is to manage the granting of permissions and performing security checks for those permissions.

 

1.Authentication

1.1 Concept

Principal is one of identifers of a subject.
Subject is a collection of principals.
Credential is a prove of principal, it could be any type of object.  

Authentication:The process to identify subject and attach credentials and principals to a subject.
LoginModule: provide a pluggable way to have system support JAAS.
                    used for authentication(login, and principals, credentials binding)
                    (authentication technology providers interface)
LoginContext:describes the basic methods used to authenticate Subjects and provides a way to develop an
                    application independent of the underlying authentication technology.

                    (Application Interface)            
Configuration:determine which LoginModules should be used,
                     and which ones must succeed in order for the overall authentication to succeed(consits of AppConfigurationEntrys).
CallbackHandler: communicate and interact with users to gather identification information
CallBack: store information gathered by CallbackHandler;

  

1.2Authentication Progress
Application employ LoginContext to get a authenticated Subject. At this time, LoginContext will ask the Configuration for the

plugined LoginModules, and call each LoginModule to attach principals and credentials to Subject(owned by each LoginModule or LoginContext).
Before each LoginModule attach principals and credentials, there will be a chance for LoginModule to judge whether to attach or not,

it employ CallbackHandler to collect informations in the CallBacks. If the collected information is valid, it could do attach now(in LoginContext is commit).

 

2.Authorization && AccessControl

2.1 Concept

Permission defines what kind of actions on a target.
Permission = Permission Type + Target(permission effect on) + Action(Optional)  

Not a subject but principal is assigned to a permission(defined by policy).

 

Policy: defines which permission are granted to a given security context(principal).(Deploying time And RunTime) 

Authorization: binding permissions to princpals(policy)
Acess Control: access sensitive code employ AccessControler or Security Mananger to check subject have the right to access resources.

ProtectDomain: encapsulates a set of classes whose instances are granted a set of permissions when being executed on behalf of a given

                        set of Principals.

2.2 Acess Control Progress

 

3. Two Extensible Interface

  Subject -- Principals -- Permission: Jaas employs Pricipals to decouple the Subject and Principals.

 

  Configuration: support to dynamicly or staticly add/remove/edit LoginModules which attach pricipals to Subject.

                        It judges which pricipals a Subject could have.

 

  Policy: support to dynamicly or staticly add/remove permissions to a principal.

             It judges which permissions a principal could have.

4. JAAS in Tomcat

   Realm: as LoginModule, authenticate a user based on a username and password, adding “roles” to that user if authentication was successful.

             defined as Realm in server.xml  

   Role: as Principal, defined as security-role in web.xml  

   Authenticator: as access controller to take access control function. defined as login-config in web.xml.

               It look down security-constraint to check.

     

  

 

 

 

 

 

 

评论

1 楼 unsid 2009-04-14  

在了解jaas之前一直搞不懂安全问题，以往我们做系统的权限都是由系统开发人员自己完成，比如局长有所有功能权限，管理员只有创建用户的权限等等。。。我起先还以为jaas是一个基于快速构建类似权限策略的框架，可是我了解了之后发现不是.
jaas提供了系统访问权限而不是应用级别的权限，jaas宣扬的是安全，而平常我们说的访问是用户权限，我突然意识到这两个概念的不同，安全是作为权限背后的保障机制出现的，比如用户定义权限“张三登陆系统不能进入申报页面”，这直接影响了系统流程，那么如果用jaas描述，很难讲“张三登陆系统不能读取名为submit.txt的文件”在整个应用系统中有什么业务含义。所以jaas几乎没法用来控制流程和表现业务，而是用来作为权限背后的保障机制。比如：“张三不能进入申报页面”，而进行申报的第一个环节就是读取submit.txt，开发人员实现这个权限全靠隐藏申报页面，但是倘若张三用某个软件或者系统bug显示了这个隐藏页面（看起来不难），那么如果在policy中配置张三不能读取submit.txt的策略，纵使张三突破隐藏页面的防线，也没有任何办法越过jaas的控制。
所以在我认识中jaas不是用于控制系统流程和表现业务而是提供保障机制，这也是我看待“安全”和“权限”的区别，我不知道在国内项目中有多少项目特别重视jaas，至少到现在位置，我做过项目中，隐藏页面我们就默许为安全了：）

jaas还牵涉思考一个问题就是,通常的权限主体是登陆用户,这就需要policy文件与人员库整合统一.