Access control in java » Computer internet security  
Access control in java



Tuesday, July 31, 2007, 17:31
This news item was posted in Java security, security application development category and has 1 Comment so far.

The access control architecture in the Java platform protects access to sensitive resources (for example, local files) or sensitive application code (for example, methods in a class). All access control decisions are mediated by a security manager, represented by the java.lang.SecurityManager class. A SecurityManager must be installed into the Java runtime in order to activate the access control checks.

Java applets and Java™ Web Start applications are automatically run with a SecurityManager installed. However, local applications executed via the java command are by default not run with a SecurityManager installed. In order to run local applications with a SecurityManager, either the application itself must programmatically set one via the setSecurityManager method (in the java.lang.System class), or java must be invoked with a -Djava.security.manager argument on the command line.

Permissions

When Java code is loaded by a class loader into the Java runtime, the class loader automatically associates the following information with that code:

  • Where the code was loaded from
  • Who signed the code (if anyone)
  • Default permissions granted to the code

This information is associated with the code regardless of whether the code is downloaded over an untrusted network (e.g., an applet) or loaded from the filesystem (e.g., a local application). The location from which the code was loaded is represented by a URL, the code signer is represented by the signer’s certificate chain, and default permissions are represented by java.security.Permission objects.

The default permissions automatically granted to downloaded code include the ability to make network connections back to the host from which it originated. The default permissions automatically granted to code loaded from the local filesystem include the ability to read files from the directory it came from, and also from subdirectories of that directory.
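The following is an added example, not code from the original article: it prints the three pieces of information the class loader attached to a class (location, signers, default permissions) and then probes the installed SecurityManager, if any. The class name ShowCodeIdentity and the probed file path are constructed for illustration, and the example assumes a JDK on which the Security Manager is still supported (it has been deprecated for removal since Java 17).

```java
import java.io.FilePermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.Collections;

// Added example; ShowCodeIdentity is a hypothetical class name.
public class ShowCodeIdentity {
    public static void main(String[] args) {
        // The ProtectionDomain holds what the class loader recorded at load time.
        ProtectionDomain pd = ShowCodeIdentity.class.getProtectionDomain();
        CodeSource cs = pd.getCodeSource(); // may be null for bootstrap classes

        // Where the code was loaded from (a URL) and who signed it (certificates).
        System.out.println("Location: " + (cs == null ? "(none)" : cs.getLocation()));
        Certificate[] certs = (cs == null) ? null : cs.getCertificates();
        System.out.println("Signers:  "
                + (certs == null ? "unsigned" : certs.length + " certificate(s)"));

        // Default permissions the class loader bound to this code.
        PermissionCollection perms = pd.getPermissions();
        if (perms != null) {
            for (Permission p : Collections.list(perms.elements())) {
                System.out.println("Granted:  " + p);
            }
        }

        // Access control checks only run when a SecurityManager is installed.
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            System.out.println("No SecurityManager installed: no access checks are performed.");
            return;
        }

        // Constructed sample path outside the directory the code was loaded from.
        Permission probe = new FilePermission("/tmp/example-secret.txt", "read");
        try {
            sm.checkPermission(probe); // throws SecurityException if not granted
            System.out.println("Allowed:  " + probe);
        } catch (SecurityException e) {
            System.out.println("Denied:   " + probe);
        }
    }
}
```

Running it once with plain java and once with -Djava.security.manager shows the difference between the two launch modes described above: the same default permissions are listed in both runs, but only the second one enforces them.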

Note that the identity of the user executing the code is not available at class loading time. It is the responsibility of application code to authenticate the end user if necessary (for example, as described in Section 6). Once the user has been authenticated, the application can dynamically associate that user with executing code by invoking the doAs method in the javax.security.auth.Subject class.


1 Response to “Access control in java”

  1. shabri said on Monday, January 5, 2009, 10:57

    Hello, I am a student doing my BCA degree, and I am doing my project in the field of access control using JASS\JAC. I need your help in this regard. Kindly help me out and provide necessary information with which I can proceed further.
