JAAS. Qingyang Liu and Lingbo Wang. CSCI 5931.01 Web Security. April 2, 2003

Page 1: JAAS

Qingyang Liu and Lingbo Wang

CSCI 5931.01 Web Security

April 2, 2003

Page 2: Topics

JAAS

Page 3: JAAS

JAAS stands for Java Authentication and Authorization Service. It grants permissions based on who is executing the code.

JAAS uses Pluggable Authentication Modules (PAM) for authentication.

Different modules can be plugged in, allowing the user to be authenticated against most PAM-capable mechanisms.

JAAS will be integrated into J2EE (Java 2 Enterprise Edition) and JDK 1.4.

Page 4: JAAS Classes

JAAS defines the following packages:

- javax.security.auth
- javax.security.auth.callback
- javax.security.auth.login
- javax.security.auth.spi

Page 5: Important ones

- javax.security.auth.Subject
- javax.security.auth.spi.LoginModule
- javax.security.auth.login.LoginContext
- javax.security.auth.login.Configuration
- javax.security.auth.callback.Callback
- javax.security.auth.callback.CallbackHandler

Page 6: Subject

The Subject class represents a single entity using the system.

A subject can possess one or more identities, each represented by an instance of java.security.Principal. The method getPrincipals() returns a Set of those principals.

Subjects also contain a list of credentials (public and private). Credentials can be accessed via Subject.getPublicCredentials() and Subject.getPrivateCredentials(). Credentials are just objects, and don't inherit from a superclass or implement an interface.

Subjects represent who is running the currently executing code. The active subject can be fetched with the static method Subject.getSubject().

Page 7: LoginModule

LoginModule is an interface that must be implemented in order to provide authentication.

Multiple login modules can be used at a time, and JAAS will attempt to log in via each of them. JAAS can be configured to allow or deny logins based on which of those various attempts succeed.

LoginModule defines five methods, initialize(), login(), commit(), abort(), and logout(), which implement a two-phase commit for authentication when multiple authentication methods are used.

Page 8: LoginModule (cont.)

initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)
This method sets up the LoginModule to be used to attempt a login.

login()
This method checks the credentials of the subject passed in earlier. How this is done is implementation-dependent.

commit()
If the necessary logins were successful, JAAS will call commit() on each login module.

abort()
If the necessary login modules failed, the abort() method is called.

logout()
This method logs out a subject.
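As an added example (not code from the deck or from the book it follows), here is a minimal LoginModule showing how the five methods of slides 7 and 8 implement the two-phase commit: login() only verifies, commit() is the only place that touches the Subject, and abort() undoes whatever login() or commit() did. The class name, the fixed user and password taken from the deck's run command, and the use of the JDK's com.sun.security.auth.UserPrincipal in place of the deck's PrincipalImpl are assumptions.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import com.sun.security.auth.UserPrincipal; // JDK-supplied Principal, stands in for the deck's PrincipalImpl

// Hypothetical module that accepts one fixed user; a real one would look the user up and compare a salted hash.
public class DemoPasswordLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private Principal principal;   // built in login(), added to the Subject only in commit()
    @Override public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s;
        handler = h;
    }
    // Phase 1: obtain and verify the credentials through callbacks; the Subject is not touched yet.
    @Override public boolean login() throws LoginException {
        NameCallback nameCb = new NameCallback("username: ");
        PasswordCallback pwCb = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { nameCb, pwCb });
        } catch (Exception e) {
            throw new LoginException("cannot obtain credentials: " + e.getMessage());
        }
        char[] pw = pwCb.getPassword();   // a copy; wipe it and the callback's own copy after use
        pwCb.clearPassword();
        boolean ok = "testuser".equals(nameCb.getName())
                && pw != null && Arrays.equals(pw, "sasquatch".toCharArray());
        if (pw != null) Arrays.fill(pw, '\0');
        if (!ok) throw new FailedLoginException("bad username or password");
        principal = new UserPrincipal(nameCb.getName());
        return true;
    }
    // Phase 2: every required module succeeded, so the identity is published to the Subject.
    @Override public boolean commit() {
        if (principal == null) return false;   // this module's own login() did not succeed
        subject.getPrincipals().add(principal);
        return true;
    }
    // The overall login failed (possibly after our commit() ran): undo everything we did.
    @Override public boolean abort() { return logout(); }
    @Override public boolean logout() {
        if (principal != null) subject.getPrincipals().remove(principal);
        principal = null;
        return true;
    }
}
```

Because the principal is only added in commit(), a module that is stacked with others never leaves a half-authenticated identity in the Subject when a later module fails.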

Page 9: LoginContext

The login context is used to actually log in. The code performing the authentication instantiates a LoginContext, which then uses a Configuration to determine which login modules to use to authenticate a subject. The code attempting to authenticate then calls login() on the LoginContext.

Page 10: Configuration

Configuration is an abstract class that defines how a LoginContext and LoginModules should be used. The main use of a configuration is to determine which login modules need to be called and how each one's result affects the state of the entire login process. There are four possibilities:

- Required: must succeed for the entire login to succeed. Even if it fails, the other login modules are still queried.
- Requisite: if it fails, the login process is short-circuited and no more login modules are called.
- Sufficient: if this module succeeds and no required or requisite modules fail, the entire login succeeds.
- Optional: this module's success doesn't impact the remainder of the login process. If no sufficient, requisite, or required modules fail, the login succeeds regardless of whether an optional module succeeds.

Page 11: Callback & CallbackHandler

The Callback interface contains no methods. It is simply there to tag classes that can be used to provide information from code attempting a login to the login module.

The CallbackHandler interface defines one method: handle(Callback[] callbacks). This method iterates through the callbacks provided and adds the requested information to each one.

Page 12: Authentication Example

Code in the book, p. 247:

- The handle() method
- The getName() method
- The PasswordLoginModule
- The initialize() method
- The login() method
- The commit() method
- The abort() method
- The logout() method

Page 13: Running the Example

You should have the following files:

- jaas.config
- JAASSampleApp.java
- PasswordLoginModule.java
- PrincipalImpl.java
- UsernamePasswordCallbackHandler.java

Compile them with:

C:\> javac *.java

Page 14: Running the Example

We need to specify the location of the config file to the VM when we actually execute the application, like so:

C:\> java -Djava.security.auth.login.config==jaas.config JAASSampleApp testuser sasquatch

If all is successful, you should see your authenticated subject displayed like so:

Subject: Principal: testuser

Otherwise, you will see the exception thrown.

Page 15: Authorization

There are two types of authorization when using JAAS: declarative and programmatic. Just like in the servlet and EJB security models, we can define static configurations that allow and disallow access to resources, or we can write code that uses more sophisticated logic to determine how to dole out our resources based on who is running the code.

Page 16: Declarative Authorization

JAAS adds a new configuration directive to the policy file that defines permissions. We talked about the codebase and the signedby directives in Chapter 7, but now we're going to describe the Principal directive. This directive allows you to specify who must be running some code in order to have a certain permission. Here's a sample entry that you might use in a policy file:

// Backslashes in a policy-file path must be doubled, as in a Java string literal.
grant Principal PrincipalImpl "testuser" {
    permission java.io.FilePermission "c:\\test\\test.txt", "read,write";
};

Declarative authorization is seldom actually used.

Page 17: Programmatic Authorization

It can be valuable to determine who is running the current code. You can get the current subject by calling the static method getSubject() in the Subject class. This method requires an instance of java.security.AccessControlContext, which can be retrieved using the method getContext() in java.security.AccessController. The code looks like:

AccessControlContext context = AccessController.getContext();
Subject subject = Subject.getSubject(context);

The retrieved subject can then be checked for principals to see what action should be performed.

Page 18: Programmatic Authorization (cont.)

To run code as a specific subject, we need to use the Subject.doAs() method, which takes a subject and a java.security.PrivilegedAction, and runs the action as the subject.

// Now we're logged in, so we can get the current subject.
Subject subject = loginContext.getSubject();
// Perform the example action as the authenticated subject.
Subject.doAs(subject, new ExampleAction());
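As an added example, not the deck's JAASSampleApp or UsernamePasswordCallbackHandler, here is a driver that ties together the CallbackHandler of slide 11, the LoginContext login of slides 13 and 14, and the programmatic authorization of slides 17 and 18. It assumes a hypothetical DemoPasswordLoginModule wired into a constructed jaas.config under the entry name Sample.

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// Hypothetical driver modelled on the deck's JAASSampleApp. It assumes a constructed
// jaas.config, passed with -Djava.security.auth.login.config=jaas.config, containing:
//     Sample { DemoPasswordLoginModule required; };
public class DemoJaasApp {

    // CallbackHandler: answers the module's NameCallback/PasswordCallback from the command line.
    static final class NamePasswordHandler implements CallbackHandler {
        private final String name;
        private final char[] password;
        NamePasswordHandler(String name, char[] password) { this.name = name; this.password = password; }
        @Override public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(name);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb, "unsupported callback");
            }
        }
    }

    // Programmatic authorization: code run via Subject.doAs() recovers the Subject from the
    // AccessControlContext and decides what to do from its principals.
    static final class ExampleAction implements PrivilegedAction<String> {
        @Override public String run() {
            Subject current = Subject.getSubject(AccessController.getContext());
            if (current == null) return "no authenticated subject: access denied";
            StringBuilder sb = new StringBuilder("Subject:");
            for (Principal p : current.getPrincipals()) sb.append(" Principal: ").append(p.getName());
            return sb.toString();
        }
    }

    public static void main(String[] args) throws LoginException {
        String user = args.length > 0 ? args[0] : "testuser";
        char[] pw = (args.length > 1 ? args[1] : "sasquatch").toCharArray();
        LoginContext lc = new LoginContext("Sample", new NamePasswordHandler(user, pw));
        lc.login();                                   // runs login()/commit() (or abort()) on each module
        Subject subject = lc.getSubject();            // populated by the modules' commit()
        System.out.println(Subject.doAs(subject, new ExampleAction()));
        lc.logout();
    }
}
```

lc.login() throws a LoginException when a required module rejects the credentials, which is the exception the deck says you will see otherwise. Subject.getSubject() and doAs() are deprecated on current JDKs, where Subject.current() and Subject.callAs() replace them, and on JDK 23 and later getSubject() throws UnsupportedOperationException unless a Security Manager is allowed.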

Page 19: Bibliography

[1] J. Garms and D. Somerfield. Professional Java Security. Wrox Press Ltd., 2001, pp. 244–258.

[2] Scott Oaks. Java Security, 2nd ed. O’Reilly, 2001.

[3] J. Jaworski, et al. Java Security Handbook. Sams Publishing, 2000.

[4] http://java.sun.com/Java Security

[5] http://java.sun.com/products/jaas