7.4.3.1.1 Principal
The JAAS defines a class called principal, which represents the identity of a subject. To complete
the definition of the principal attribute, the principal class must implement two interfaces:
the java.security.Principal interface and the java.io.Serializable interface. For
example, the following code list shows the creation of a principal (name) of an employee:
Code List:
package sample.principal;

import java.security.Principal;

public class MyPrincipal implements Principal, java.io.Serializable {
    // Name of the employee this principal identifies
    private String empName;

    public MyPrincipal(String empName) {
        if (empName == null)
            throw new NullPointerException("Name of the Employee cannot be null");
        this.empName = empName;
    }

    // Required by java.security.Principal
    public String getName() {
        return empName;
    }

    public String toString() {
        return ("MyPrincipal: " + empName);
    }
    // ....
    // ....
}
7.4.3.1.2 Credentials
A credential can be compared to the identification confirmation part of a secure Java application.
For example, a username and its associated password could be considered one set of credentials;
the Social Security number of a person and the associated fingerprint information could be considered
another set of credential information. The credential information in the Java world is classified into
two different aspects: public credential and private credential. A public credential represents a
known and "public" aspect of a person or a subject: name, employee ID, or public key. The private
credential, on the other hand, represents the private aspect of the public credential information,
for instance, a password for the employee name, a private key for the employee's public key, or the
fingerprint information of a citizen of a country.
Public and private credential classes are, therefore, not part of the core JAAS class library. Any
plain Java class can represent a credential attribute for a subject. Application developers can
choose to have their credential classes implement two interfaces related to credentials:
javax.security.auth.Refreshable and javax.security.auth.Destroyable. The two
interfaces identified above allow special properties associated with the credentials aspect of the
object. The javax.security.auth.Refreshable interface provides the capability for a
credential to refresh its contents. Likewise, the javax.security.auth.Destroyable interface
provides the capability of destroying the contents within a credential. Developers of secure
Web applications can choose to have their credential classes, based on the security requirement
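The following is an added example, not code from the original text: a private credential that implements both Refreshable and Destroyable, attached to a Subject and wiped at logout. The class name PasswordCredential, the 60-second lifetime, and the sample name, employee ID and password are assumptions made for illustration.

```java
import java.util.Arrays;
import javax.security.auth.Destroyable;
import javax.security.auth.Refreshable;
import javax.security.auth.Subject;

public class CredentialDemo {
    // Hypothetical private credential: a password that expires and can be wiped.
    static final class PasswordCredential implements Refreshable, Destroyable {
        private final char[] secret;
        private long expiresAt;
        private boolean destroyed;

        PasswordCredential(char[] password, long ttlMillis) {
            this.secret = password.clone();          // keep our own copy
            this.expiresAt = System.currentTimeMillis() + ttlMillis;
        }
        char[] getSecret() {
            if (destroyed) throw new IllegalStateException("credential destroyed");
            return secret.clone();                   // never hand out the internal array
        }
        @Override public boolean isCurrent() {
            return !destroyed && System.currentTimeMillis() < expiresAt;
        }
        @Override public void refresh() {
            if (destroyed) throw new IllegalStateException("credential destroyed");
            expiresAt = System.currentTimeMillis() + 60_000;   // constructed policy
        }
        @Override public void destroy() {
            Arrays.fill(secret, '\0');               // overwrite now, do not wait for GC
            destroyed = true;
        }
        @Override public boolean isDestroyed() { return destroyed; }
    }

    public static void main(String[] args) {
        Subject subject = new Subject();
        subject.getPrincipals().add(() -> "alice");        // stand-in for MyPrincipal
        subject.getPublicCredentials().add("EMP-0001");    // constructed employee ID
        PasswordCredential pw = new PasswordCredential("s3cret".toCharArray(), 60_000);
        subject.getPrivateCredentials().add(pw);
        System.out.println("current before destroy: " + pw.isCurrent());
        // At logout, wipe every private credential of this type held by the subject.
        for (PasswordCredential c : subject.getPrivateCredentials(PasswordCredential.class)) {
            c.destroy();
        }
        System.out.println("destroyed: " + pw.isDestroyed() + ", current: " + pw.isCurrent());
    }
}
```

Storing the secret in a char[] rather than a String is what makes destroy() meaningful, since a String cannot be overwritten in place.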