Software Components and Middleware Technology, Lecture 14: Security Services


Contact: linhp@ss.pku.edu.cn. Scope: security services for Java / J2EE.

Classes of attack
- secrecy attack
- integrity attack
- availability attack
- denial-of-service attack

Cryptographic algorithms
- Symmetric: DES (Data Encryption Standard, 56-bit key); 3-DES (DES applied three times); RC2; RC4 (key length up to 2048 bits); RC5
- Public key: RSA (Rivest, Shamir, Adleman); Diffie-Hellman
- Message digests: MD2 (128-bit), MD4 (128-bit), MD5 (128-bit), SHA (160-bit); MAC

Authentication and authorization
- Authentication factors: what you have, what you know, what you are
- Principal; Credential
- Authorization
- Security domain: security policy domain (realm); security technology domain
- Kerberos
- Access control lists (ACL); IP-based access control
- Certificates and certificate revocation lists (CRL)

Network security
- IP layer: IPSec with AH (Authentication Header) and ESP (Encapsulating Security Payload); protocol stack comparison: IP / TCP versus IP / IPSec / TCP
- Transport layer: SSL

Java security APIs
- JCA (Java Cryptography Architecture)
- JAAS (Java Authentication and Authorization Service)
- JSSE (Java Secure Socket Extension)
- JCE (Java Cryptography Extension)
- JCA / JCE provider model; packages javax.crypto.spec, javax.security.cert, javax.security.auth.spi

EJB security: separation of security infrastructure from security policy; JAAS as the underlying Java mechanism.

JAAS core classes: Subject, Certificate, Principal, Policy, LoginContext, LoginModule, Callback, CallbackHandler.

```java
// javax.security.auth
public final class Subject implements Serializable {
    ……
    public static Object doAs(Subject subject, PrivilegedAction action);      // run action on behalf of the subject
    public static Object doAsPrivileged(Subject subject, PrivilegedAction action,
                                        AccessControlContext acc);           // same, with an explicit access-control context
    public boolean equals(Object o);
    public Set getPrincipals();                                               // identities bound to the subject
    public Set getPrivateCredentials();                                       // e.g. passwords, private keys
    public Set getPublicCredentials();                                        // e.g. public-key certificates
    public static Subject getSubject(final AccessControlContext acc);         // subject associated with acc
    public int hashCode();
    public boolean isReadOnly();
    public void setReadOnly();
    public String toString();
}
```

```java
// java.security.cert
public abstract class Certificate implements java.io.Serializable {
    public final String getType();                    // e.g. "X.509"
    public boolean equals(Object other);
    public int hashCode();
    public abstract byte[] getEncoded();              // DER-encoded form
    public abstract void verify(PublicKey key);       // check the signature with the issuer's key
    public abstract PublicKey getPublicKey();
    public abstract String toString();
}
```

```java
// java.security
public interface Principal {
    public boolean equals(Object another);
    public String toString();
    public int hashCode();
    public String getName();
}
```

```java
// java.security
public abstract class Policy {
    public static Policy getPolicy();                                    // installed system policy
    static Policy getPolicyNoCheck();
    public static void setPolicy(Policy policy);
    public abstract PermissionCollection getPermissions(CodeSource codesource);
    public abstract void refresh();                                      // reload the policy
}
```

```java
// javax.security.auth.login
public class LoginContext {
    public void login() throws LoginException;    // drives the configured LoginModules
    public void logout() throws LoginException;
    public Subject getSubject();                  // authenticated subject after login()
}
```

```java
// javax.security.auth.spi (service provider interface)
public interface LoginModule {
    void initialize(Subject subject, CallbackHandler callbackHandler,
                    Map sharedState, Map options);
    boolean login() throws LoginException;    // phase 1: authenticate
    boolean commit() throws LoginException;   // phase 2: attach principals/credentials to the subject
    boolean abort() throws LoginException;
    boolean logout() throws LoginException;
}
```

EJB security: the caller's security context

The bean obtains the caller's Principal from javax.ejb.EJBContext:
- java.security.Principal getCallerPrincipal();
- boolean isCallerInRole(String roleName);
Both may throw java.lang.IllegalStateException.

```java
public class EmployeeServiceBean implements SessionBean {
    EJBContext ejbContext;

    public void changePhoneNumber(...) {
        ...
        Context initCtx = new InitialContext();
        Object result = initCtx.lookup("java:comp/env/ejb/EmplRecord");
        EmployeeRecordHome emplRecordHome =
            (EmployeeRecordHome) javax.rmi.PortableRemoteObject.narrow(result, EmployeeRecordHome.class);
        // identify the caller and use the name as the record key
        Principal callerPrincipal = ejbContext.getCallerPrincipal();
        String callerKey = callerPrincipal.getName();
        EmployeeRecord myEmployeeRecord = emplRecordHome.findByPrimaryKey(callerKey);
        myEmployeeRecord.changePhoneNumber(...);
        ...
    }
}
```

isCallerInRole(String roleName):

```java
public class PayrollBean ... {
    EntityContext ejbContext;

    public void updateEmployeeInfo(EmplInfo info) {
        oldInfo = ... read from database;
        // The salary field can be changed only by callers
        // who have the security role payroll
        if (info.salary != oldInfo.salary && !ejbContext.isCallerInRole("payroll")) {
            throw new SecurityException(...);
        }
        …
    }
    ...
}
```

The role names used in code are declared as security role references in the deployment descriptor:

```xml
<security-role-ref>
    <description>…</description>
    <role-name>…</role-name>
</security-role-ref>
```

```xml
<enterprise-beans>
    <entity>
        <ejb-name>AardvarkPayroll</ejb-name>
        ...
        <security-role-ref>
            <description>
                This security role should be assigned to the employees of the
                payroll department who are allowed to update employees'
                salaries.
            </description>
            <role-name>payroll</role-name>
        </security-role-ref>
```

Security view in ejb-jar (application assembler)
- Security role: a semantic grouping of permissions
- Method permission: granted per method of the EJB Home / Remote interface

```xml
<assembly-descriptor>
    <security-role>
        <description>
            This role includes the employees of the
            enterprise who are allowed to access the
            employee self-service application. This role
            is allowed only to access his/her own
            information.
        </description>
        <role-name>employee</role-name>
    </security-role>
```

(1) Method permission, per EJB method (the listing breaks off at `ejb-na`).
