Java 2 Security Architecture #Java Short Notes

  • Security services provide:
    • Data Integrity
    • Data Confidentiality
    • Access Control – Authentication and Authorization
  • Encryption helps to provide such security services
  • Core Java Security Architecture
    • Core Java 2 Security Architecture
    • Java Cryptography Architecture (JCA)
    • Java Cryptography Extension (JCE)
    • Java Secure Socket Extension (JSSE)
    • Java Authentication and Authorization Service (JAAS)
    • JCE and JSSE extend JCA
  • JCA – Platform Packages
    • java.security – core security classes and interfaces
    • java.security.cert – certificate management
    • java.security.interfaces – Interfaces used to manage DSA and RSA keys
    • java.security.spec – key specification, algorithm parameter specification
  • JCA – not useful for data encryption
  • JCE provides the data encryption
  • JCE packages: javax.crypto, javax.crypto.interfaces, javax.crypto.spec
  • JSSE includes a Java implementation of SSL and Transport Layer Security (TLS) – server authentication, message integrity, optional client authentication.
  • JSSE packages: javax.net.ssl, javax.net, javax.security.cert
  • JAAS: limits access to resources based on user identity. JAAS implements PAM (Pluggable Authentication Module Framework) – user-based, group-based, role-based access control
  • JAAS packages: javax.security.auth, javax.security.auth.callback, javax.security.auth.login, javax.security.auth.spi
  • Core Security
    • java.security.Permission, PermissionCollection, Permissions – specify level of access to resources in J2EE applications
    • Permissions – sets of diverse permissions
    • Permission has many subclasses like FilePermission, SerializablePermission, SocketPermission, NetPermission
    • Permission example:
      • FilePermission prm = new FilePermission("c:\\test.img", "read,write");
    • Security Policy – lists permissions in files
      • System Policy – jre/lib/security/java.policy file
      • User Policy – java.policy file under user's directory
    • Java 2 has a policy tool under [JAVA_HOME\bin\policytool] – GUI based – to create/edit policy files – type policytool in the command prompt
    • Java Security Manager – determines whether requests to access valued resources should be allowed – core Java security classes also ask the Security Manager for access permission checks
    • Access Controller controls access to critical system resources. Security Manager calls Access Controller methods to delegate tasks
  • J2EE Application Security
    • J2EE Role Based Security
    • J2EE applications can contain both protected and unprotected resources. Access to the protected resources can be controlled using authorization mechanisms.
    • Authorization
      • Identification : recognize an entity – device or person
      • Authentication : process to identify
    • Role based security: create logical privileges known as roles – may be based on customer/user/job profile
    • Users are grouped together into the roles – same role users into the same role group
    • Creating roles for J2EE applications: create roles, associate them with an application, WAR file, JAR files
    • At the time of deployment, the deployer maps roles to the security identities
    • Principal: identity assigned to a user or group after authentication
    • A tool named deploytool can be used to add users and groups to a J2EE server.
    • You can get J2EE and deploytool at: http://java.sun.com/javaee/downloads/index.jsp
    • In deploytool: menu->tools->server configuration->select users from left -> select realms from right ->
    • Provide ID/Password for the user. Assign a group to the user. – Rest will be common sense, play with the tool
    • You can also use realmtool to add users and groups
      • Example: realmtool -add 5006 5006admin admin,staff
      • Syntax: -add user password groups
      • add, import, userGroups
    • Under deployment tool, afterwards, you can apply permissions to the different applications. You can also view and modify the descriptor file from: menu->tools->view configuration.
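
The Core Security notes above say that Permission objects describe access and that the Security Manager and Access Controller decide whether a request is allowed. The following is an added example, not code from the original notes, showing the implies() check those decisions rest on. The class name, paths and granted set are constructed sample values, and Unix-style paths are assumed.

```java
import java.io.FilePermission;
import java.net.NetPermission;
import java.security.Permission;
import java.security.Permissions;

public class PermissionCheckDemo {

    // The set of permissions a policy file might grant to one code source.
    // All paths here are constructed sample values.
    static Permissions grantedPermissions() {
        Permissions granted = new Permissions(); // heterogeneous collection
        // Trailing "/-" covers every file under the directory, recursively.
        granted.add(new FilePermission("/opt/app/data/-", "read"));
        // Trailing "/*" covers only files directly inside the directory.
        granted.add(new FilePermission("/opt/app/upload/*", "read,write"));
        granted.add(new NetPermission("setDefaultAuthenticator"));
        granted.setReadOnly(); // no further grants can be added
        return granted;
    }

    // A request is allowed only if the granted set implies it:
    // the target must match and every requested action must be covered.
    static boolean isAllowed(Permissions granted, Permission requested) {
        return granted.implies(requested);
    }

    public static void main(String[] args) {
        Permissions granted = grantedPermissions();
        Permission[] requests = {
            new FilePermission("/opt/app/data/reports/q1.csv", "read"),  // under "/-"
            new FilePermission("/opt/app/data/reports/q1.csv", "write"), // action not granted
            new FilePermission("/opt/app/upload/a.img", "read,write"),   // directly in "/*"
            new FilePermission("/opt/app/upload/sub/a.img", "read"),     // too deep for "/*"
            new FilePermission("/opt/app/conf/secret.key", "read"),      // outside all grants
            new NetPermission("setDefaultAuthenticator"),                // exact name match
            new NetPermission("requestPasswordAuthentication"),          // name not granted
        };
        for (Permission p : requests) {
            System.out.printf("%-5s %s%n", isAllowed(granted, p) ? "ALLOW" : "DENY", p);
        }
    }
}
```

The example calls implies() directly rather than installing a Security Manager, which has been deprecated for removal since Java 17 (JEP 411).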

From: http://sitestree.com/?p=4977
Post Date: 2006-12-17 23:47:44
