JAAS Authorization Tutorial
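Note: this article is based mainly on Sun's JAAS tutorial.
The previous article covered JAAS authentication; this one covers JAAS authorization. Authorization determines whether a user who has already been authenticated has the access control rights to security-sensitive resources.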
What is JAAS Authorization?
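JAAS authorization extends the existing security architecture, which uses a security policy (Policy) to assign access permissions to executing code. That architecture is code-centric, so permissions (Permission) are granted based on these characteristics of the code:
1. Where the code comes from.
2. Whether the code is digitally signed, and if so by whom.
* The default Policy provider is policy.provider=sun.security.provider.PolicyFile (see the java.security file under the JRE), so permissions are assigned through a policy file. Below is a simple example (there is no need to study it closely; a later article will cover Policy specifically):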
grant codebase "file:./SampleAcn.jar" {
    permission javax.security.auth.AuthPermission "createLoginContext.Sample";
};
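* After a user or a service is authenticated through JAAS authentication, the result is a Subject, which represents the authenticated user. A Subject is made up of multiple Principals, each with a unique identity. For example, a Subject could have a name Principal ("Susan Smith") and a Social Security Number Principal ("987-65-4321").
* The policy assigns different permissions to different Principals. After the user is authenticated, the Java runtime automatically determines which Principal the policy grants the permission to, and whether the Subject associated with the access control context contains that Principal.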
How is JAAS Authorization Performed?
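JAAS authorization requires three things:
1. The user has been authenticated.
2. The security policy must be configured with Principal-based entries.
3. The Subject produced by authentication must be associated with the current access control context.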
How Do You Make Principal-Based Policy File Statements?
Below is a policy fragment. There is no need to study it closely here; a later article will cover Policy specifically.
grant codebase "file:./SampleAction.jar",
    Principal sample.principal.SamplePrincipal "testUser" {
    permission java.util.PropertyPermission "java.home", "read";
    permission java.util.PropertyPermission "user.home", "read";
    permission java.io.FilePermission "foo.txt", "read";
};
How Do You Associate a Subject with an Access Control Context?
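1. The user must first be authenticated.
2. Call the static doAs or doAsPrivileged method. Both take an instance that implements PrivilegedAction or PrivilegedExceptionAction; the operation is actually performed by that action's run method.
In detail: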
The static doAs method from the Subject class must be called, passing it an authenticated Subject and a
java.security.PrivilegedAction or java.security.PrivilegedExceptionAction. (See API for Privileged Blocks
for a comparison of PrivilegedAction and PrivilegedExceptionAction.) The doAs method associates the
provided Subject with the current access control context and then invokes the run method from the action.
The run method implementation contains all the code to be executed as the specified Subject. The action thus
executes as the specified Subject.
The static doAsPrivileged method from the Subject class may be called instead of the doAs method, as will
be done for this tutorial. In addition to the parameters passed to doAs, doAsPrivileged requires a third
parameter: an AccessControlContext. Unlike doAs, which associates the provided Subject with the current
access control context, doAsPrivileged associates the Subject with the provided access control context or
with an empty access control context if the parameter passed in is null, as is the case for this tutorial.
See doAs vs. doAsPrivileged in the JAAS Reference Guide for a comparison of those methods.
A partial code example:
Subject mySubject = lc.getSubject();
PrivilegedAction action = new SampleAction();
Subject.doAsPrivileged(mySubject, action, null);
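The SampleAction code:
import java.io.File;
import java.security.PrivilegedAction;

public class SampleAction implements PrivilegedAction {
    // Runs as the Subject passed to doAs/doAsPrivileged. Each access below
    // needs the matching permission from the policy file.
    public Object run() {
        // Needs PropertyPermission "java.home", "read"
        System.out.println("\nYour java.home property value is: " + System.getProperty("java.home"));
        // Needs PropertyPermission "user.home", "read"
        System.out.println("\nYour user.home property value is: " + System.getProperty("user.home"));
        // Needs FilePermission "foo.txt", "read"
        File f = new File("foo.txt");
        System.out.print("\nfoo.txt does ");
        if (!f.exists())
            System.out.print("not ");
        System.out.println("exist in the current working directory.");
        return null;
    }
}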
The rest of the code is much the same as the JAAS authentication code. The policy file differs somewhat; a separate article will cover it in detail.
Running the code requires these arguments:
-Djava.security.manager specifies that a security manager should be installed,
-Djava.security.policy==sampleazn.policy specifies that the policy file to be used is sampleazn.policy,
-Djava.security.auth.login.config==sample_jaas.config specifies that the login configuration file to be used is sample_jaas.config.
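What associating a Subject with the access control context changes, shown as an added example that is not from the Sun tutorial or the original article: the same permission check is made once by the bare code and once inside doAsPrivileged as a Subject carrying the Principal named in the policy. DemoPrincipal, AznDemo, AznDemo.jar and the policy in the comment are assumptions made for this illustration, and it needs a JDK release that still supports the Security Manager.

```java
import java.io.FilePermission;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Collections;
import javax.security.auth.Subject;

// Assumed policy (constructed for this example), with both classes packaged as AznDemo.jar:
//   grant codebase "file:./AznDemo.jar" {
//     permission javax.security.auth.AuthPermission "doAsPrivileged";
//   };
//   grant Principal DemoPrincipal "testUser" {
//     permission java.io.FilePermission "foo.txt", "read";
//   };

// Hypothetical Principal; a real one is added to the Subject by the LoginModule.
final class DemoPrincipal implements Principal {
    private final String name;
    DemoPrincipal(String name) { this.name = name; }
    public String getName() { return name; }
    @Override public boolean equals(Object o) {
        return o instanceof DemoPrincipal && ((DemoPrincipal) o).name.equals(name);
    }
    @Override public int hashCode() { return name.hashCode(); }
}

public class AznDemo {
    // True if the current access control context is allowed to read foo.txt.
    static boolean canReadFoo() {
        try {
            AccessController.checkPermission(new FilePermission("foo.txt", "read"));
            return true;
        } catch (AccessControlException denied) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Stand-in for lc.getSubject() after a successful LoginContext.login().
        Subject subject = new Subject(false, Collections.singleton(new DemoPrincipal("testUser")),
                Collections.emptySet(), Collections.emptySet());
        // No Subject on the context: only the codebase grant applies to this code.
        System.out.println("without Subject: " + canReadFoo());
        // Subject attached to an empty context: the Principal-based grant is now considered.
        PrivilegedAction<Boolean> action = AznDemo::canReadFoo;
        System.out.println("as testUser:     " + Subject.doAsPrivileged(subject, action, null));
    }
}
```

Run it with -Djava.security.manager and -Djava.security.policy== pointing at a file that holds the policy from the comment. The FilePermission is granted only to the Principal, never to the codebase, so the check depends on the Subject being attached.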
References:
http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/tutorials/GeneralAcnAndAzn.html
http://java.sun.com/j2se/1.5.0/docs/guide/security/PolicyFiles.html