Jaas Introduction

Upload: dorothy-horn

Post on 20-Jan-2016

Outline

General overview of Java security
• Java 2 security model
• How is security maintained by Java and JVM?
• How can a programmer ensure security?

Java Authentication and Authorization Service (JAAS, pronounced "jazz")
• What is JAAS?
• How can it be used? (with code samples)

Java-Technology based Security

Strongly typed

Byte code verification

Runtime type safety checks

Class loaders

Security managers

JDK 1.0 Security Model

The "Sandbox" Model

JDK 1.1 Security Model

The concept of the "signed" applet

Java 2 Security Model (JDK 1.2 and higher)

Fine-grained access control using security policies

Example: Java Security

A very simple program (UnAuthenticatedClient.java):

    package demo.jaas;

    import java.io.File;

    public class UnAuthenticatedClient {
        public static void main(String[] args) {
            File f = new File("ProtectedFile.txt");
            System.out.print("\nProtectedFile.txt does ");
            if (!f.exists())
                System.out.print("not ");
            System.out.println("exist.");
        }
    }

The security policy for "ProtectedFile.txt" (noauth_java.policy):

    grant codebase "file:C:/demo/jaas/noauth_client.jar" {
        permission java.io.FilePermission "ProtectedFile.txt", "read";
    };

Example: Java Security 2

Execute program using SecurityManager and policy file:

    java -classpath C:\demo\jaas\noauth_client.jar -Djava.security.manager -Djava.security.policy==C:\demo\jaas\noauth_java.policy demo.jaas.UnAuthenticatedClient

Case 1: Change policy file to (and execute):

    grant codebase "file:C:/demo/jaas/noauth_client.jar" {
    };

Exception because no permission

Case 2: Move original files from C:\demo\jaas to C:\temp and execute

Exception because the code no longer comes from C:\demo\jaas\noauth_client.jar

Case 3: Change policy file to (and execute):

    grant codebase "file:C:/demo/jaas/noauth_client.jar" {
        permission java.io.FilePermission "ProtectedFile.txt", "read";
    };

    grant signedBy "aheusser", codebase "file:C:/demo/jaas/noauth_client.jar" {
        permission java.io.FilePermission "ProtectedFile.txt", "read,write";
    };

Why use JAAS?

Java Security is code-centric (permissions granted based on code characteristics)

JAAS allows
• Authentication: reliably and securely determine who is currently executing Java code
• Authorization: ensure users have access control rights (permissions) required to do the actions performed

Architecture of JAAS

Packages: javax.security.auth, javax.security.auth.callback, javax.security.auth.login, javax.security.auth.spi

Common classes: Subject, Principal, Credential

Authentication classes: LoginContext, LoginModule, Callback, CallbackHandler

Authorization classes: Policy, AuthPermission, PrivateCredentialPermission

JAAS Authentication

Authentication performed in pluggable fashion
• Java applications remain independent from underlying authentication technologies

JAAS Authentication 2

To authenticate a subject (user or service), the following steps are performed:

1. Application instantiates a LoginContext
   - LoginContext needs a string that indexes an entry in the config file
   - A CallbackHandler is optional (needed if user interaction is required)

2. LoginContext consults a Configuration to load all required LoginModules

3. Application calls LoginContext's login() method

4. Login method invokes all LoginModules
   - each LoginModule attempts to authenticate the subject

5. The LoginContext returns the authentication status to the app.

6. If authentication is successful, the application retrieves the subject

Example: JAAS Authentication

File: jaas.config

    JAASArticle {
        demo.jaas.LoginModuleImpl required debug=true fileName=passwords;
    };

Start of program:

    java -Djava.security.auth.login.config=jaas.config ...

File: AuthorizedClient.java:

    ...
    // use the configured LoginModules for the "JAASArticle" entry
    LoginContext lc = null;
    try {
        lc = new LoginContext("JAASArticle", new MyCallbackHandler());
    } catch (LoginException le) {
        le.printStackTrace();
        System.exit(-1);
    }
    ...
    try {
        // attempt authentication
        lc.login();
    } catch (LoginException e) {
        System.out.println(e.getMessage());
        System.exit(-1);
    }
    ...
    lc.logout();

Example: JAAS Authentication 2

File: MyCallbackHandler.java:

    class MyCallbackHandler implements CallbackHandler {

        public void handle(Callback[] callbacks)
                throws IOException, UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                if (callbacks[i] instanceof NameCallback) {
                    // prompt the user for a username and store it in the NameCallback
                    ...
                } else if (callbacks[i] instanceof PasswordCallback) {
                    // prompt the user for sensitive information and store it in the
                    // PasswordCallback
                    ...
                } else {
                    throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
                }
            }
        }
        ...
    }

LoginModuleImpl implements the LoginModule interface with the methods:
- initialize(Subject, CallbackHandler, Map, Map), login(), logout(), commit(), abort()

The login method creates the callbacks (e.g. NameCallback and PasswordCallback) and calls the CallbackHandler.handle method, passing it the callbacks. When handle returns, login validates the information.

JAAS Authorization

JAAS authorization extends the existing Java security architecture (policy files)

Authorization is now user-centric by handling Principal-based queries

• default policy implementation supports Principal-based grant entries

• access control can now be based not just on what code is running, but also who is running it

In order to be able to do something a user must now first be authenticated

Example: JAAS Authorization

File: AuthorizedClient.java:

    ...
    // get the LoginContext and log in

    // now try to execute the AuthorizedAction as the authenticated Subject
    Subject.doAs(lc.getSubject(), new AuthorizedAction());
    ...
    lc.logout();

File: AuthorizedAction.java:

    package demo.jaas;

    import java.io.File;
    import java.security.PrivilegedAction;

    public class AuthorizedAction implements PrivilegedAction {

        public Object run() {
            File f = new File("ProtectedFile.txt");
            System.out.print("\nProtectedFile.txt does ");
            if (!f.exists())
                System.out.print("not ");
            System.out.println("exist.");
            return null;
        }
    }

Example: JAAS Authorization 2

File: jaas.policy

    grant codebase "file:C:/demo/jaas/client_action.jar",
          Principal demo.jaas.PrincipalImpl "aheusser" {
        permission java.io.FilePermission "ProtectedFile.txt", "read";
    };

File: java.policy

    /* grant the JAAS core library AllPermission */
    grant codebase "file:C:/jdk1.3/jre/lib/ext/jaas.jar" {
        permission java.security.AllPermission;
    };

    /* grant the LoginModule AllPermission */
    grant codebase "file:C:/demo/jaas/loginmodule.jar" {
        permission java.security.AllPermission;
    };

    grant codebase "file:C:/demo/jaas/client.jar" {
        permission javax.security.auth.AuthPermission "createLoginContext";
        permission javax.security.auth.AuthPermission "doAs";
        permission java.io.FilePermission "ProtectedFile.txt", "read";
    };

Features and Goals of JAAS

Simple and pluggable authentication
• Implements the standard PAM framework (Pluggable Authentication Module)
• Apps need not be changed if authentication mechanisms are changed

Policy-based authentication
• Apps need not be concerned with the exact authentication mechanisms used
• Default login config mechanism is a configuration file

Fine-grained access control capabilities

Authenticate and enforce access controls upon users

Support for user-based, group-based and role-based access controls

Java Security Packages

JAAS (Java Authentication and Authorization Service)

JCE (Java Cryptography Extension)

JSSE (Java Secure Sockets Extension)

GSS API (Generic Security Service)
• Securely exchanging messages using Kerberos V5

Certification Path API
• Allows building and validating certification paths

Features of JCE

Extends the JCA (Java Cryptography Architecture)

Defines standard encryption APIs

Pluggable framework architecture
• Enables qualified providers (CSPs) to be plugged in

Jurisdiction policy files
• Allow strong but limited cryptography to be used

Features of JSSE

Standard socket APIs for SSL and TLS
• SSL v3 and TLS 1.0 support

Transport level Authentication, Integrity, and Privacy

Utilities for key and certificate management

Cipher suite negotiation
• SSL "handshaking" to initiate or verify secure communications

Includes https URL handler

Cryptographic suites including:
• RSA, RC4, DES, DSA, etc.

Resources for Java Security

Java Security
http://java.sun.com/security/
http://java.sun.com/j2se/1.4/docs/guide/security/index.html

JAAS
http://java.sun.com/products/jaas/
http://java.sun.com/j2se/1.4/docs/guide/security/jaas/JAASLMDevGuide.html
http://service2.boulder.ibm.com/devtools/news0300/artpag28.htm
http://www.devx.com/premier/mgznarch/Javapro/2001/09sep01/tm0109/tm0109-1.asp
http://www.javaworld.com/javaworld/jw-05-2001/jw-0525-security.html