JavaTM security architecture 7

zhaozj2021-02-08  383

JavaTM security architecture (JDK1.2) 7. GuardedObject and SignedObject7.1 java.security.guardedObject and java.security.guard

Recall that the AccessControlContext class is very useful when access control decisions must be made in different contexts. Here is another situation: The consumer of resources from resources is not in the same thread, and the consumer thread cannot provide access control context information for the supplier thread (because the context is safe and sensitive; or the context is too large, can not be passed Or due to other reasons). In this case, we provide a class known as GuardedObject to protect access to this resource. See the following figure:

Basic ideas are: Resources suppliers can create objects representing this resource, then create a GuardedObject, nested the resource object, and then provide GuardedObject to the consumer. When you create GuardedObject, the supplier also specifies a Guard object; this, if some people (including consumers) can only get the resource object if some of the (secure) inside this Guard is satisfactory.

Guard is an interface, so any object can be selected to be a Guard. The only way to this interface is called Checkguard. It extracts an Object variable and performs a certain (secure) check. This Guard interface is implemented in the Permission class in java.security.

For example, suppose a system thread is required to open a file /a/b/c.txt for reading access, but the system thread does not know who the requester or this request is made. Therefore, the correct access control decision cannot be made on the server. The system thread can use GuardedObject to delay access control checks. As follows:

FileInputStream F = New FileInputStream ("/a/b/c.txt");

FILEPERMISSION P = New FilePermission ("/A/b/c.txt", "read");

GuardedObject G = New GuardedObject (f, p);

Now, the system thread can pass G to the consumer thread. Consumer threads should be obtained, must be called:

FileInputStream Fis = (fileInputstream) g.getObject ();

This method results call the Checkguard method on the Guard object P, and because P is a license, its Checkguard method is actually:

SecurityManager SM = system.getsecuritymanager ();

IF (SM! = null) sm.checkpermission (this);

This ensures that a real access control check occurs within the consumer context. In fact, you can replace the common hash table and access control list in many cases, and store the hash table of GuardedObject directly.

The basic model of this GuardedObject and Guard is very common. We look forward to inheriting this basic GuardedObject and Guard class, developers can easily obtain extremely powerful access control tools. For example, a call for each method can be obtained with a suitable method, and a Guard can check the time of the day, a caller's signature or other proof, or any other related information.

Note: Since GuardedObject returns an Object, some types of information will be lost. To use GuardedObject between the partners, the acceptor should understand what type (and the type of conversion) hoped to get the object. In fact, we preview the majority usage of GuardedObject involves creating subcaters (ie, forming a GuardedFileInputStream class), and the package typing information, and the type conversion can also be performed accordingly in the subclass.

7.2 java.security.signedObject

This class is the basic block block of other security elements. SignedObject contains another sequentially-sequentially-sequentially-signed object, the object being signed, and its digital signature. If the number sign is not empty, it will contain a valid digital signature of the object. This can be represented by the following figure:

The underlying signature algorithm is set by a way as a SIGN method called, the parameter of the method is the Signature object, and the algorithm can be one of the following algorithms: NIST standard DSA, using DSA and SHA-1. Like a digital signature, the algorithm is described in general, such as "SHA / DSA".

Signed object is an "depth copy" of an initial object (in serialized form), once the copy is completed, the initial object's operation does not generate side effects, and a signed object is constant.

Creating a typical thing to create a signed object is, for example:

Signature SigninGine = Signature.getInstance (Algorithm, Provider);

SignedObject SO = New SignedObject (MyObject, SigningKey, SignInGine);

A typical check example is as follows, SO is a received SignedObject object. If the name of the algorithm is known, the first line here can be ignored:

String algorithm = sol.getalgorithm ();

Signature VerificationEngine = Signature.getInstance (Algorithm, Provider);

So.Verify (VerificationEngine);

SignedObject potential applications include:

It can be used as an unable to be used in any Java application environment: it can be passed, without having to worry that the token is maliciously changed without being detected; it can be used to run Java The memory is signed and serialized data / objects (for example, stored access control on disk); nested SignedObjects can be used to construct a signature logical order, like authentication and authorized chains.

We expect this class to create a subclass in the future to allow multiple signatures on the same signature object. In this way, the existing method calls on this basic class will be fully compatible. Especially if there is only one signature, any GET method will return a separate value; if there are multiple signatures, it will return an arbitrary value from the signed set. ........ | Next | ..........

Welcome to contact us: Webmaster@prc.sun.com Copyright 1997-1998 Sun (China) Company, 16th Floor, Jianwei Building, No. 66 Beijing Nanke Road

转载请注明原文地址:https://www.9cbs.com/read-903.html

New Post(0)