Access control enforcement in java » Computer internet security  
Computer and internet security news
computer and networking security portal
 
|
|
|
News
|
Advertise
|
|
Products
|
Contact

Access control enforcement in java



Tuesday, July 31, 2007, 17:32
This news item was posted in Java security, security application development category and has 0 Comments so far.

The Java runtime keeps track of the sequence of Java calls that are made as a program executes. When access to a protected resource is requested, the entire call stack, by default, is evaluated to determine whether the requested access is permitted.

As mentioned earlier, resources are protected by the SecurityManager. Security-sensitive code in the Java platform and in applications protects access to resources via code like the following:

SecurityManager sm = System.getSecurityManager();
if (sm != null) {
   sm.checkPermission(perm);
}

where perm is the Permission object that corresponds to the requested access. For example, if an attempt is made to read the file /tmp/abc, the permission may be constructed as follows:

Permission perm =
    new java.io.FilePermission("/tmp/abc", "read");

The default implementation of SecurityManager delegates its decision to the java.security.AccessController implementation. The AccessController traverses the call stack, passing to the installed security Policy each code element in the stack, along with the requested permission (for example, the FilePermission in the above example). The Policy determines whether the requested access is granted, based on the permissions configured by the administrator. If access is not granted, the AccessController throws a java.lang.SecurityException.

Figure 4 illustrates access control enforcement. In this particular example, there are initially two elements on the call stack, ClassA and ClassB. ClassA invokes a method in ClassB, which then attempts to access the file /tmp/abc by creating an instance of java.io.FileInputStream. The FileInputStream constructor creates a FilePermission, perm, as shown above, and then passes perm to the SecurityManager’s checkPermission method. In this particular case, only the permissions for ClassA and ClassB need to be checked, because all system code, including FileInputStream, SecurityManager, and AccessController, automatically receives all permissions.

In this example, ClassA and ClassB have different code characteristics?they come from different locations and have different signers. Each may have been granted a different set of permissions. The AccessController only grants access to the requested file if the Policy indicates that both classes have been granted the required FilePermission

Related posts:

  1. Access control in java
  2. Java Language Security and Bytecode Verification
  3. Key and certificate storage in java
  4. The Java cryptography architecture is a framework
  5. Basic security architecture in java
  6. Key tols in java security

Related posts brought to you by Yet Another Related Posts Plugin.





Tagged with: ,

You can leave a response, or trackback from your own site.

Leave a Reply

Access control in java
3Com offers cheap IPS gateways




:::: Recent entries


 
Join My Community at MyBloglog!



My BlogCatalog BlogRank

Computers Blogs - Blog Top Sites