JAAS Authorization Tutorial
注:主要參考SUN的JAAS tutorial
上一篇文章主要是講JAAS authorization(認證)的,這篇主要講JAAS Athorization(授權),授權部分主要是判斷對于已經經過認證的用戶是否有對一些安全敏感的資源有訪問控制的權限(access control right)
What is JAAS Authorization?
JAAS Athorization繼承現有的安全構架,用安全策略(Policy)分配和指派執行代碼的訪問權限。這個架構是以代碼為中心的(code-centric),所以權限(Permission)有幾個特性:
1. 代碼的來源。
2. 代碼是否數字簽名(digitally signed)并且是誰簽名
* 策略(Policy)的默認Provider是 policy.provider=sun.security.provider.PolicyFile(參考jre下的java.security文件)。所以權限(Permission)是通過一個Policy文件分配的。下面是一個簡單的例子,(可以不用仔細了解,以后針對Policy專門寫篇介紹文章)
grant codebase "file:./SampleAcn.jar" {
permission javax.security.auth.AuthPermission "createLoginContext.Sample";
};
* 用戶或者一個服務(Service)通過JAAS authentication認證之后,返回的結果是一個Subject,這個Subject代表一個已經經過認證的用戶,一個Subejct由多個Principal組成,每個Principal都具有唯一標識,例如一個Subject可以擁有一個name Principal ("Susan Smith")和一個 Social Security Number Principal ("987-65-4321")
* 不同的Principal通過策略(policy)分配不同的權限,用戶通過認證后,java 運行時自動判斷這個策略這個權限包含在哪個Principal中,并且這個Principal與這個Subject關聯的Access Control Context(訪問控制上下文)中是否包含這個Principal。
How is JAAS Authorization Performed?
JAAS authorization執行需三個要求:
1. 用戶已經被認證過
2. 安全策略(Security policy)必須配置 Principal-based entries
3. 認證生成Subject必須是和當前的Access Control context關聯。
How Do You Make Principal-Based Policy File Statements?
下面是一個Policy
片斷,此處可以不用仔細了解,以后針對Policy專門寫篇介紹文章。
grant codebase "file:./SampleAction.jar",
Principal sample.principal.SamplePrincipal "testUser" {
permission java.util.PropertyPermission "java.home", "read";
permission java.util.PropertyPermission "user.home", "read";
permission java.io.FilePermission "foo.txt", "read";
};
How Do You Associate a Subject with an Access Control Context?
1.用戶必須第一次被認證
2 掉用static的doAs或者doAsPrivileged方法,這2個方法中都傳入一個實現了PrivilegedAction或者PrivilegedExceptionAction的實例,實際執行操作的就是這個action里的run方法。
具體說明如下:
The static doAs method from the Subject class must be called, passing it an authenticated Subject and a
java.security.PrivilegedAction or java.security.PrivilegedExceptionAction. (See API for Privileged Blocks
for a comparison of PrivilegedAction and PrivilegedExceptionAction.) The doAs method associates the
provided Subject with the current access control context and then invokes the run method from the action.
The run method implementation contains all the code to be executed as the specified Subject. The action thus
executes as the specified Subject.
The static doAsPrivileged method from the Subject class may be called instead of the doAs method, as will
be done for this tutorial. In addition to the parameters passed to doAs, doAsPrivileged requires a third
parameter: an AccessControlContext. Unlike doAs, which associates the provided Subject with the current
access control context, doAsPrivileged associates the Subject with the provided access control context or
with an empty access control context if the parameter passed in is null, as is the case for this tutorial.
See doAs vs. doAsPrivileged in the JAAS Reference Guide for a comparison of those methods.
具體的部分代碼示例如下:
Subject mySubject = lc.getSubject();
PrivilegedAction action = new SampleAction();
Subject.doAsPrivileged(mySubject, action, null);
其中SampleAction代碼
public class SampleAction implements PrivilegedAction {
public Object run() {
System.out.println("\nYour java.home property value is: " + System.getProperty("java.home"));
System.out.println("\nYour user.home property value is: " + System.getProperty("user.home"));
File f = new File("foo.txt");
System.out.print("\nfoo.txt does ");
if (!f.exists())
System.out.print("not ");
System.out.println("exist in the current working directory.");
return null;
}
}
其余代碼和JAAS authentication的代碼差不多。Policy文件會有所差別,另外文章具體再講。
運行代碼需要添加參數
-Djava.security.manager that a security manager should be installed,
-Djava.security.policy==sampleazn.policy that the policy file to be used is sampleazn.policy
-Djava.security.auth.login.config==sample_jaas.config that the login configuration file to be used is sample_jaas.config.
參考資源:
http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/tutorials/GeneralAcnAndAzn.html
http://java.sun.com/j2se/1.5.0/docs/guide/security/PolicyFiles.html