The Java Authentication and Authorization Service (JAAS)

Post on 08-Jan-2016

74 views 5 download

Preview:

Click to see full reader
Report this document
SHARE

description

The Java Authentication and Authorization Service (JAAS). Priit Salumaa Tartu 200 3. Sissejuhatuseks. Java TM 2 Platform Security Architecture + JAAS ehk (koodipõhine + kasutajapõhine kontroll). JAAS - Priit Salumaa. Java 2 platvormi turvamudel ( 1 ). Liivakastist välja. - PowerPoint PPT Presentation

Transcript of The Java Authentication and Authorization Service (JAAS)

The Java Authentication and Authorization Service (JAAS)

Priit Salumaa

Tartu 2003

Sissejuhatuseks

• JavaTM 2 Platform Security Architecture+ JAAS ehk(koodipõhine + kasutajapõhine kontroll)

JAAS - Priit Salumaa

Java 2 platvormi turvamudel (1)

JAAS - Priit Salumaa

• Liivakastist välja

Java 2 platvormi turvamudel (2)

JAAS - Priit Salumaa

• Turvapoliitikad + lokaalse koodi kontroll

AccessController

Mõisted

JAAS - Priit Salumaa

• Kasutajapõhine tuvastamine (Authentication) ja juurdepääsukontroll (Authorization)

• Isik (subject) - suvalise teenuse kasutaja

• Kasutajatunnus (principal) - isikuga seotud nimi, võib olla mitmeid (nimi, avalik võti)

• Volitus (credential) - isiku salajased ja avalikud voliatribuudid (parool, salajane võti, Kerberose pilet, avalik võti jne.)

PAM ja pinu laadne tuvastus

JAAS - Priit Salumaa

• PAM (Pluggable Authentication Module)– sõltumatus kasutajatuvastusteenustest– LoginContext klass ja LoginModule

• Logimismoodulite pinu– tuvastuse katse– tuvastuse teostus– katkestamine

• Võrk ja üksikrakendus

Volituste põhine pääsukontroll

JAAS - Priit Salumaa

• JAAS + Java 2 vaikimisi turvapoliitika:

grantCodebase "http://bar.com,Signedby "bar",Principal bar.Principal "duke" {permission java.io.FilePermission "/cdrom/duke/-", "read";

}

Grupid, rollid hierarhia

JAAS - Priit Salumaa

• Rollid ja grupid kui volitused

grantPrincipal foo.Role "administrator"{permission java.io.FilePermission "/passwords/-", "read, write";

}

• PrincipalComparator liides

Juurdepääsukontrolli realisatsioon

JAAS - Priit Salumaa

• java.lang.SequrityManager• java.sequrity.AccessControlle• + Subject.doAs() (JAAS)

• = Kasutaja ja koodi põhine pääsukontroll

• Dünaamiliselt seostatakse accsess control context ja isik. – java.sequrity.DomainCombiner liides

Virtuaalmasin ja JAAS

JAAS - Priit Salumaa

• JAAS pakub VM laiendust tuvastusfunktsioonide osas

• Mitme kasutaja keskkond VM sees

• Igale kasutajale shell

• Lisaks kasutaja identiteedile on võimalik koodile anda mingi kindla kasutaja õigused - UserPermissions

Mõned puudused ja tulevik

JAAS - Priit Salumaa

• Skaleeritavus – sertifitseeritud kolmas osapool

• Hajususe toetus (RMI turvalisus)

• Jini – teenuse registreerimine ja lokaliseerimine

Top related

Authentication / Authorization with Drupal...Authentication / Authorization with Drupal Authorization: Drupal LDAP Good BAD Pros • Uses CornellAD Cons • Only applies application
 Documents
Authentication and Authorization for Constrained Environments · 2019-01-11 · Authentication and Authorization for Constrained Environments Master Thesis Urs Gerber ... called Authentication
 Documents
Authorization, Authentication, And Security
 Documents
Authentication Authorization and Accounting Configuration ...
 Documents
Authentication and Authorization in Asp.Net
 Technology
Authentication, Authorization, and Accounting
 Documents
Forms Authentication, Authorization, User Accounts, and ... · PDF fileForms Authentication, Authorization, User Accounts, and Roles :: User-Based Authorization ... ASP.NET makes it
 Documents
Authentication - University of Southern Californiacsci530l/slides/lab-authentication-color.pdf · authentication != authorization – authorization establishes what user can do once
 Documents
Identification, Authentication and Authorization on the ... · Identification, Authentication and Authorization on the ... these concerns focus on identification, authentication and
 Documents
Best Practices: Authentication & Authorization Infrastructure€¢Tokens: in modern security standards are all about them. •Decoupling authentication / authorization (OIDC authentication
 Documents
Authorization and Authentication Infrastructure
 Documents
Authentication, Authorization, and Audit Design Pattern: Internal User Identity ... · Authentication, Authorization, and Audit Design Pattern: Internal User Identity Authentication
 Documents
Forms Authentication, Authorization, User Accounts, and Roles :: …€¦ · Forms Authentication, Authorization, User Accounts, and Roles :: User-Based Authorization Introduction
 Documents
Authentication, Authorization, & Identity Management
 Documents
Forms Authentication, Authorization, User Accounts, and …download.microsoft.com/.../aspnet_tutorial02_FormsAuth_vb.pdf · Forms Authentication, Authorization, User Accounts, and
 Documents
UAG Authentication and Authorization- part1
 Documents
Authorization and Authentication in gLite
 Documents
Authentication, authorization
 Documents
JAAS Java Authentication And Authorization Service API Master Seminar Advanced Software Engineering Topics Matthias Buchs.
 Documents
Authentication and Authorization (including focussing on ...iamsect.ncl.ac.uk/dissemination/breaking-boundaries/Authentication … · Distributed authentication and authorization
 Documents

Copyright © 2022 FDOCUMENTS