200 likes | 458 Views
JAAS. Qingyang Liu and Lingbo Wang CSCI 5931.01 Web Security April 2, 2003. Topics. JAAS. JAAS. JAAS stands for Java Authentication and Authorization Service. It grants permissions based on who is executing the code. JAAS uses Pluggable Authentication Modules(PAM) for authentication.
E N D
JAAS Qingyang Liu and Lingbo Wang CSCI 5931.01 Web Security April 2, 2003
Topics • JAAS
JAAS • JAAS stands for Java Authentication and Authorization Service. It grants permissions based on who is executing the code. • JAAS uses Pluggable Authentication Modules(PAM) for authentication. • Different modules can be plugged in, allowing the user to be authenticated against most PAM‑capable mechanisms. • JAAS will be integrated into J2EE, Java 2 Enterprise Edition and JDK 1.4.
JAAS Classes • JAAS defines the following packages: • O javax.security.auth • O javax.security.auth.callback • O javax.security.auth.login • O javax.security.auth.spi
Important ones • javax.security.auth.Subject • javax.security.auth.spi.LoginModule • javax.security.auth.login.Logincontext • javax.security.auth.login.Configuration • javax.security.auth.callback.Callback • javax.security.auth.callback.CallbackHandler
Subject • The subject class represents a single entity using the system. A subject can possess one or more identities by an instance of java. security. Principal. The method getPrincipal () returns a Set of those principals. • Subjects also contain a list of credentials ( public and private). Credentials can be accessed via Subject. getPublicCredentials () and Subject. getPrivateCredentials ( ) . Credentials are just objects, and don't inherit from a superclass or implement an interface. • Subjects represent who is running the currently executing code. The active subject can be fetched with the static method Subject . getSubject () .
LoginModule • LoginModule is an interface that must be implemented in order to provide authentication. • Multiple login modules can be used at a time, and JAAS will attempt to log in via each of them. JAAS can be configured to allow or deny logins based on which of those various attempts succeed. • Loginmodule defines five methods, initialize () , login(), commit () , abort ( ) , and logout ( ), to implement a two‑phase commit for authentication when using multiple authentication methods.
LoginModule(cont.) • inltialize(Subject subject, CallbackHandler handler, Map sharedState, Map options) This method sets up the LoginModule to be used to attempt a login. • login() This method checks the credentials of the subject passed in earlier. How this is done is implementation‑dependent. • commit() If the necessary logins were successful, JAAS will call commit () on each login module. • abort() As the necessary login modules failed, the the abort () method is called. • logout() This method logs out a subject.
LoginContext • The login context is used to actually log in. The code performing the authentication instantiates a LoginContext, which then uses a Configuration to determine which login modules to use to authenticate a subject. The code attempting to authenticate then calls login () on the LoginContext.
Configuration • Configuration isan abstract class that defines how a LoginContext and Loginmodules should be used. • The main use of a configuration is to determine which login modules need to be called and states of the entire login process. There are four possibilities : O Required ‑ must succeed for the entire login to succeed. Even fails, the other login modules are queried. O Requisite ‑ If fails, the login process is short‑circuited and no more login modules are called. O Sufficient ‑ If this module succeeds and no required or requisite modules fail, the entire login succeeds. O Optional ‑ This modules' success doesn't impact on the remainder of the login process. If no sufficient, requisite, or required modules fail, the login succeeds, regardless of whether an optional module succeeds.
Callback & CallbackHandler • The Callback interface contains no methods. It is simply there to tag classes that can be used to provide information from code attempting a login to the login module. • The CallbackHandler interface defines one method: handle (Callback [ ] callbacks).This method iterates through the callbacks provided and adds the requested information to each one.
Authentication Example The handle() method Code in the book p.247 The getName () method The PasswordLoginmodule The initialize () method The login () method The commit () method The abort () method The logout () method
Running the Example You should have the following files: O jaas.config O JAASSampleApp.java O PasswordLoginModule.java O PrincipalImpl.java UsernamePasswordCallbackHandler.Java Compile them with: C:\> javac *.Java.
Running the Example • We need to specify the location of the config file to the VM when we actually execute the application like so: • C:\> Java ‑Djava.security.auth.login.config== jaas.config JAASSampleApp testuser sasquatch • If all is successful, you should see your authenticated subject displayed like so: • Subject: • Principal: testuser • Otherwise, you will see the exception thrown.
Authorization There are two types of authorization when using JAAS: declarative and programmatic. Just like in the servlet and EJB security models, we can define static configurations that allow and disallow access to resources, or we can write code that uses more sophisticated logic to determine how to dole out our resources based on who is running the code.
Declarative Authorization • JAAS adds a new configuration directive to the policy file that defines permissions. We talked about the codebase and the signedby directive in Chapter 7, but now we're going to describe the Principal directive. This directive allows you to specify who must be running some code in order to have a certain permission. Here's a sample entry that you might use in a policy file: grant Principal PrincipalImpl "testuser" { permission java.io.FilePermission "c:\test\test.txt", "read,write"; }; • Declarative authorization is seldom actually used.
Programmatic Authorization It can be valuable to determine who is running the current code. You can get the current subject by call the static method getSubject () in the Subject class. This method requires an instance of java. security. AccessControlContext, which can be retrieved by using the method getcontext () in Java. security. AccessController. The code likes: AccessControlContext context = Accesscontroller.getContext(); Subject subject = Subject.getSubject(context); The retrieved subject can then be checked for principals to see what action should be performed.
Programmatic Authorization • To run code as a specific subject, we need to use the Subject. doAs ( ) method, which takes a subject and a java. security. PrivilegedAction, and runs the action as the subject. …… // Now were logged in, so we can get the //current subject. • Subject subject = loginContext.getSubject();// Perform the example action as the //authenticated subject. • subject.doAs(subject, new ExampleAction());
Bibliography [1] J. Garms and D. Somerfield. Professional Java Security. Wrox Press Ltd., 2001, pp. 244–258. [2] Scott Oaks. Java Security, 2nd ed. O’Reilly, 2001. [3] J. Jaworski, et al. Java Security handbook. Sams Publishing, 2000. [4] http://java.sun.com/Java Security [5] http://java.sun.com/products/jaas