Apart from coding authorization checks directly, it is possible to control authorization by passing arguments to the virtual machine, which initiates the default policy based on the JAAS default policy file.
7.4.5.1 Privileged Block of Code for Authorized Subject: doAsPrivileged()
The doAsPrivileged() method is used to demarcate a sensitive block of code being executed on behalf of a specific subject. This method essentially accepts three parameters: subject, PrivilegedAction, and AccessControlContext. By passing in null as the last argument to this method, we're allowing it to execute the PrivilegedAction code with only the permissions granted to the subject. Therefore, the subject must contain at least one principal that has been granted the permission to read the policy file.
The inline implementation of PrivilegedAction acts as a closure to pass to JAAS. It wraps the code to be executed with the permissions granted to the subject. The method canRead() contains an authorization check that eventually results in code like the following being called:
FilePermission departmentPerm = new FilePermission("company.policy", "read");
AccessController.checkPermission(departmentPerm);
In the above code, we do the following:
- Create a FilePermission instance that represents the permission to read the file "company.policy".
- Use the AccessController to see if the principal currently logged in has been granted the required permission.

If the subject in question has been granted permission to read the file, the checkPermission() method succeeds. Otherwise an exception called AccessControlException is thrown.
The permissions granted to each principal, as per the organization's policy, are specified in a policy configuration file. The location of this file is specified by a VM argument.
The two grant entries below exemplify two different situations. Each entry either withholds or grants permissions for specific activities. In the first case, the normal "user" principal is not granted any permission. However, the systems administrator, indicated as the "sysadmin" principal, is granted permission to read a specific file.
Code List:
grant Principal comp.UserPrincipal "user"
{
// not granted any permissions
};
Code List:
{
permission java.io.FilePermission "/usr/org/admin/sysadmin/sysadmin.policy", "read";
};
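The following is an added example, not code from the book, that ties the doAsPrivileged() call, the checkPermission() check and the principal-based grant entries together in one runnable class. It assumes a JDK on which the Security Manager can still be enabled (it is deprecated for removal since Java 17); the class name DoAsPrivilegedDemo, the file demo.policy, its codeBase entry, and the use of comp.UserPrincipal for the "sysadmin" principal are assumptions made for the example.

```java
package comp;

import java.io.FilePermission;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Collections;
import javax.security.auth.Subject;

// Constructed demo.policy (file name and codeBase are assumptions):
//   grant codeBase "file:${user.dir}/-" {
//     permission javax.security.auth.AuthPermission "doAsPrivileged";
//   };
//   grant Principal comp.UserPrincipal "user" { };
//   grant Principal comp.UserPrincipal "sysadmin" {
//     permission java.io.FilePermission "company.policy", "read";
//   };
// Run: java -Djava.security.manager -Djava.security.policy=demo.policy comp.DoAsPrivilegedDemo
public class DoAsPrivilegedDemo {
    // True if code running as a subject holding principal `name` may read company.policy.
    static boolean canRead(String name) {
        Subject subject = new Subject(true,
                Collections.singleton(new UserPrincipal(name)),
                Collections.emptySet(), Collections.emptySet());
        PrivilegedAction<Boolean> action = () -> {
            try {
                AccessController.checkPermission(new FilePermission("company.policy", "read"));
                return true;
            } catch (AccessControlException denied) {
                return false; // no grant entry for this principal implies the permission
            }
        };
        // null context: the callers' stack is ignored; the check sees this code's
        // own domain combined with the subject's principals.
        return Subject.doAsPrivileged(subject, action, null);
    }

    public static void main(String[] args) {
        System.out.println("user     -> " + canRead("user"));
        System.out.println("sysadmin -> " + canRead("sysadmin"));
    }
}

// Minimal Principal (hypothetical stand-in for the page's comp.UserPrincipal).
final class UserPrincipal implements Principal {
    private final String name;
    UserPrincipal(String name) { this.name = name; }
    @Override public String getName() { return name; }
}
```

The codeBase entry grants the demo code only the right to call doAsPrivileged(); the FilePermission itself comes solely from the principal-based grant, so the check passes for "sysadmin" and fails for "user".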