Summary

The J2SE security model includes a highly flexible, configurable and extensible framework for code-based authorization of actions. JAAS extends this framework with user authentication and user-based authorization. The complete framework consists of a number of APIs, configuration files, system properties and tools.

Permissions are specified in policy files and are granted to all code, to code downloaded from a specific location (a jar file or directory identified by a URL), to code signed by the owner of an X.509 certificate, to code running on behalf of an authenticated user, or to any combination of these. These permissions can be specified in one or more policy files and can be applied to all programs, to programs launched by a specific OS user, or to a single program.

It is possible to provide custom classes that read and store authorization policy in a location and format of the programmer's choice. The default implementation reads policies from files at startup time and may not be adequate for complex applications that must handle voluminous and more dynamic authorization policies.

Permissions are represented as normal Java classes with a target name and, optionally, a set of actions. Permission classes for the security-sensitive operations implemented by J2SE SDK classes ship with the J2SE SDK. Application-specific permission classes can be developed to meet an application's authorization needs.
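An application-specific permission class of the kind described above, as an added example that is not code from the book. The class name `AccountPermission`, its `read`/`write` actions and the account identifiers are hypothetical, and `Set.of` assumes Java 9 or later.

```java
import java.security.Permission;
import java.util.Locale;
import java.util.Set;
import java.util.TreeSet;

// Hypothetical permission: target name is an account id or "*"; actions are "read" and/or "write".
public final class AccountPermission extends Permission {
    private static final Set<String> VALID = Set.of("read", "write");
    private final Set<String> actions = new TreeSet<>();

    // The default policy file loader needs this (String, String) constructor
    // for an entry such as: permission AccountPermission "*", "read";
    public AccountPermission(String account, String actionList) {
        super(account);
        for (String a : actionList.split(",")) {
            String action = a.trim().toLowerCase(Locale.ROOT);
            if (!VALID.contains(action)) throw new IllegalArgumentException("unknown action: " + a);
            actions.add(action);
        }
    }

    // A granted permission implies a requested one when the target matches
    // (exactly or through "*") and every requested action has been granted.
    @Override
    public boolean implies(Permission p) {
        if (!(p instanceof AccountPermission)) return false;
        AccountPermission other = (AccountPermission) p;
        boolean targetOk = getName().equals("*") || getName().equals(other.getName());
        return targetOk && actions.containsAll(other.actions);
    }

    @Override
    public String getActions() { return String.join(",", actions); } // canonical, sorted form
    @Override
    public boolean equals(Object o) {
        if (!(o instanceof AccountPermission)) return false;
        AccountPermission other = (AccountPermission) o;
        return getName().equals(other.getName()) && actions.equals(other.actions);
    }
    @Override
    public int hashCode() { return getName().hashCode() * 31 + actions.hashCode(); }

    public static void main(String[] args) {
        Permission granted = new AccountPermission("*", "read");
        // The read-only wildcard grant covers a read request but not a read+write request.
        System.out.println(granted.implies(new AccountPermission("acct-1001", "read")));
        System.out.println(granted.implies(new AccountPermission("acct-1001", "read,write")));
    }
}
```

The `implies` method is what the runtime consults when it compares a requested permission against the permissions granted in policy, so an overly broad match there silently widens every grant that uses the class.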

The LoginContext class allows a program to log users in and out with a very simple API. Internally, it obtains information about the various login modules and associated policies from a login configuration file and performs a two-phase operation to make sure that the user credentials are validated by the different login modules as per the policies of the configuration file.

An SPI (Service Provider Interface) exists for developing login modules that interact with any existing or new user account management system. This capability, coupled with the login configuration file, provides complete separation of application code and the user account management system. In this chapter, we built a simple user account system from scratch and wrote a login module, JSTKLoginModule, to interface with this account system.

The framework has a Subject class to represent the username and role identities of a user, and various other classes to run specific portions of code in the context associated with a specific user. These are used by the AccessController class, the main class for enforcing permissions, to perform runtime checks.
