4th International Conference on Principles and Practices ... - MADOC

More documents

Recommendations

Info

The Management of Users, Roles, and Permissions in JDOSecure Matthias Merz Department of Information Systems III University of Mannheim L 5,5, D-68131 Mannheim, Germany merz@uni-mannheim.de ABSTRACT The Java Data Objects (JDO) specification proposes a transparent and database-independent persistence abstraction layer for Java. Since JDO is designed as a lightweight persistence approach, it does not provide any authentication or authorization capabilities in order to restrict user access to persistent objects. The novel security approach, JDOSecure, introduces a role-based permission system to the JDO persistence layer, which is based on the Java Authentication and Authorization Service (JAAS). However, using JAAS policy files to define appropriate permissions becomes more complex and, therefore, error-prone with an increasing number of different users and roles. Thus, JDOSecure comprises a management solution for users, roles, and permissions. It allows storing the information which is necessary for authentication and authorization in any arbitrary JDO resource. Furthermore, a Java-based administration utility with a graphical user interface simplifies the maintenance of security privileges and permissions. Categories and Subject Descriptors D.2.11 [Software Engineering]: Software Architectures; K.6.5 [Management of Computing and Information Systems]: Security and Protection 1. INTRODUCTION The Java Data Objects (JDO) specification proposes a transparent and database-independent persistence abstraction layer for Java [6, 7]. It enables application developers to deal with persistent objects in a transparent fashion. Furthermore, JDO as a data store independent abstraction layer enables the mapping of domain object architectures to any arbitrary type of data store. JDOSecure [9, 10] is a novel security architecture developed as an add-on for the Java Data Objects specification (more information about JDOSecure could be found at projekt-jdo.uni-mannheim.de/JDOSecure). Its objective Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. PPPJ 2006 August 30 – September 1, 2006, Mannheim, Germany Copyright 2006 ACM X-XXXXX-XX-X/XX/XX ...$5.00. is preventing unauthorized access to the data store while using the JDO API. It introduces a fine grained access control mechanism to the JDO persistence layer and allows the definition of role-based permissions. In detail, permissions could be set for individual user-roles, a specific package or class, and a CRUD 1 -operation. Based on the dynamic proxy approach, JDOSecure is able to collaborate with any JDO implementation without source code modification or recompilation. In order to authenticate and authorize users accessing a JDO resource, JDOSecure implements the Java Authentication and Authorization Service (JAAS). The default JAAS implementation uses permissions and simple policy-files to allow or disallow access to crucial system resources. However, defining appropriate permissions in simple text-files becomes more and more complex with an increasing number of different users and roles. In order to reduce possible inconsistency and potential typos, JDOSecure comprises a management solution for users, roles, and permissions. It allows storing the authentication and authorization information in any arbitrary JDO resource. Furthermore, a Java-based administration utility with a graphical user interface simplifies the maintenance of security privileges and permissions. In this paper, we shall focus on the management of users, roles, and permissions in JDOSecure. The outline of the paper is organized as following: Section two introduces the current JDO specification and recalls the design of the Java Authentication and Authorization Service. Section three outlines the architecture of JDOSecure. In section four we will present the new management solution for users, roles, and permissions. The last section will give a critical review and will address topics for future research. 2. TECHNOLOGY OVERVIEW In this section, we will provide a basic technology overview to the Java Data Objects specification and to the Java Authentication and Authorization Service. 2.1 The Java Data Objects Specification The Java Data Objects specification is an industry standard for object persistence developed by an initiative of Sun Microsystems under the auspices of the Java Community Process [6]. JDO was introduced in April 2002 and is intended for the usage within the Java 2 Standard (J2SE) and 1 CRUD is an acronym for Create, Retrieve, Update, and Delete. Persistence Frameworks usually provide appropriate methods to manage persistent objects. 85
Enterprise Edition (J2EE). It enables application developers to deal with persistent objects in a transparent fashion. Thus, JDO as a data store independent abstraction layer enables the mapping of domain object architectures to any type of data store. The recent version of JDO (JDO 2.0) was finally approved in may 2006 [7]. Its objective is to simplify the usage of JDO e.g. by providing a standardized object/relational mapping format to allow a higher degree of application portability. It also introduces an attach/detach mechanism for persistent objects to facilitate middle tier architectures. One of its most beneficial features is the extension of the JDO Query language (JDOQL) to support e.g projections, aggregates, or named queries. The JDO specification defines two packages: The JDO Application Programming Interface (API) allows application developers to access and manage persistent objects. The classes and interfaces of the Service Providers Interface (SPI) are intended to be used exclusively by a JDO implementation. The interfaces and classes of the JDO API are located in the package javax.jdo [6, 7]. The Transaction interface provides methods for initiation and management of transactions under user control. The Query interface allows obtaining persistent instances from the data store by providing a Java-oriented query language called JDO Query Language (JDOQL). The PersistenceManager serves as primary application interface and provides methods to control the life cycle of persistent objects. An instance implementing this interface could be constructed by calling the getPersistenceManager() method of a PersistenceManagerFactory instance. Since PersistenceManagerFactory itself is just another interface, constructing an instance prior to this type becomes necessary. It usually could be constructed by calling the static JDOHelper method getPersistenceManagerFactory(Properties props). The class JDOHelper is also part of the JDO API and enables an easy replacement of the currently preferred JDO implementation without source code modifications in context of an application. The information about the currently used JDO implementation and data store specific parameters has to be passed to this method by a Properties object. A user identification and a password in order to access the underlying data store are also part of the Properties object. In order to prevent misunderstandings, the JDO persistence approach does not distinguish between different user identifications or individual permissions. With the construction of a PersistenceManager instance, the connection to the data store will be established and users are able to access the resource without further restrictions. Every instance that should be managed by a JDO implementation has to implement the PersistenceCapable interface. As part of the JDO SPI package, the PersistenceCapable interface does not have to be implemented explicitly by an application developer. Instead, the JDO specification prefers a post-processor tool (JDO-Enhancer) that automatically implements the PersistenceCapable interface. It transforms regular Java classes into persistent classes by adding the code to handle persistence. An XML-based persistence descriptor has to be configured previously. The JDO-Enhancer evaluates this information and modifies the Java bytecode of these classes adequately. The JDO specification assures the compatibility of the generated bytecode for the use within different JDO implementations. The StateManager interface as part of the JDO SPI provides the management of persistent fields and controls the object lifecycle of persistent instances. Although JDO provides a standardized, transparent and data store independent persistence solution including tremendous benefits to Java application developers, the JDO specification has also been critized in the Java community. Besides technical details like the JDO enhancement process [15], the substantial overlaps between the Enterprise JavaBeans specification [5] and JDO [8], as well as the conceptual design as a lightweight persistence approach has been criticized. Some experts even argue that shifting JDO to a more comprehensive approach including distributed access functions and multi-address-space communication [14] is necessary. As a result of it’s lightweight nature, JDO does not provide a role-based security architecture, e.g. to restrict the access of individual users to the data store. Consequently, the JDO persistence layer does not provide any methods for user authentication or authorization. Every user has full access privileges to store, query, update and delete persistent objects without further restrictions. For example, using the getObjectById() method allows him to receive any persistent object whereas the deletePersistent() method enables a user to delete objects from the data store. At first glance, a slight improvement could be achieved by setting up individual user identifications at the level of the data store. This would allow the construction of different and user dependent PersistenceManagerFactory instances. If, however, all users should have access to a common database, individual user identifications and appropriate permissions have to be defined inside the data store. However, configuring user permissions to restrict the access to certain objects is quite complex. For example, when using a relational database management system, the permissions would have to be configured, based on the object-relational mapping scheme and the structure of the database tables. Thus, it leads to the disadvantage of causing a strong dependency between the user application and the specific data store. In addition to that, a later replacement of the data store preferred currently leads to a time-consuming and expensive migration. It is obvious that the strong binding of security permissions to a specific data store contradicts the intention of JDO, which is providing application programmers a data-store-independent persistence abstraction layer. As JDOSecure is based on the Java Authentication and Authorization Service, the following section will give a brief overview to this approach. 2.2 The Java Authentication and Authorization Service The Java security architecture is based on three components: Bytecode verifier, class loader and security manager (cf. [13] and [4]). The bytecode verifier checks the correctness of the bytecode and prevents stack overflows. The class loader locates and loads classes into the Java Virtual Machine (JVM) and defines a unique namespace for each class. The security manager or, more accurately, the AccessController instance checks the invocation of operations relevant to security e.g. local file system access, the setup of system properties or the use of network sockets (cf. figure 1). 86
Page 1 and 2:
Edited by: Ralf Gitzel, Markus Alek
Page 3 and 4:
Message from the Chairs Dear confer
Page 5 and 6:
Sam Midkiff, Purdue University (USA
Page 7 and 8:
Session F: Novel Uses of Java______
Page 10 and 11:
The Project Maxwell Assembler Syste
Page 12 and 13:
tomated assembler and disassembler
Page 14 and 15:
memory address offset mnemonic argu
Page 16 and 17:
5.2 Instruction Templates The assem
Page 18 and 19:
ange for a very short restart/debug
Page 20 and 21:
Tatoo: an innovative parser generat
Page 22 and 23:
In the grammar file an error termin
Page 24 and 25:
Figure 3: Push parsers and lexers L
Page 26 and 27:
eturn visit((Expr)p1, param); } R v
Page 28:
Session B Program and Performance A
Page 31 and 32:
Table 1: Use of interfaces and deco
Page 33 and 34:
Table 3: Comparison of the situatio
Page 35 and 36:
will trigger the creation of many n
Page 37 and 38:
Appendix A 10 9 8 7 6 5 4 3 2 1 0 1
Page 39 and 40:
Throughout this paper, we make no a
Page 41 and 42: instrumented program and obtained t
Page 43 and 44: Figure 5: Investigation of garbage
Page 45 and 46: to the same category—again, this
Page 47 and 48: Investigating Throughput Degradatio
Page 49 and 50: Figure 1: Apache. Throughput degrad
Page 51 and 52: Minor GC Full GC Workload # of Avg.
Page 53 and 54: Figure 6: Comparing memory and pagi
Page 55 and 56: GenRC on the other hand, allows the
Page 58: Session C Mobile and Distributed Sy
Page 61 and 62: ing a continuous buffer for raw dat
Page 63 and 64: the data arrival speed is more impo
Page 65 and 66: public class StreamingClient { publ
Page 67 and 68: importance of β in our aggregation
Page 69 and 70: Enabling Java Mobile Computing on t
Page 71 and 72: A strongly mobile thread has the ab
Page 73 and 74: a context switch occur. The invoked
Page 75 and 76: above phases. Now, the new stack ha
Page 77 and 78: 5 frames 15 frames 25 frames Pure d
Page 79 and 80: Juxta-Cat: A JXTA-based platform fo
Page 81 and 82: Figure 1: JXTA Architecture. 3. JUX
Page 83 and 84: • Send a discovery query to the p
Page 85 and 86: The best candidate is then the one
Page 87 and 88: Local Hosts=2 Hosts=4 Hosts=8 Hosts
Page 90: Session D Resource and Object Manag
Page 95 and 96: As pictured in Figure 4, JDOSecure
Page 97 and 98: Methods of a PersistenceManager, th
Page 99 and 100: Datenmodell abstrahiert user role,
Page 101 and 102: An Extensible Mechanism for Long-Te
Page 103 and 104: missing object references in the de
Page 105 and 106: 4.2 Mapping the name spaces of the
Page 107 and 108: (a) (b) ColorSliderPanel0 color
Page 109 and 110: 8. REFERENCES [1] Abu-Ghazaleh, N.,
Page 111 and 112: permission by process. In other wor
Page 113 and 114: The processor then refers to the en
Page 115 and 116: 1: // Protection domain 2: struct p
Page 117 and 118: Table 3: Frequency of JNI calls tha
Page 119 and 120: [13] Intel Corporation. IA-32 Intel
Page 121 and 122: 01 try { 02 ... 03 } finally { 04 t
Page 123 and 124: 2. FRAMEWORK The Framework for Unif
Page 125 and 126: ManagedInputStream ResourceGroup Ma
Page 127 and 128: 18. throw ‡ 1. release 17. cleanu
Page 129 and 130: 3. FUTURE WORK The ability to split
Page 131 and 132: 124
Page 133 and 134: UML sequence diagrams are among the
Page 135 and 136: diagrams, and behavioral (dynamic)
Page 137 and 138: the official scripting language for
Page 139 and 140: Apache's XML Graphics Project. A cu
Page 141 and 142:
Java Debug Interface (JDI). In Revi
Page 143 and 144:
1.3 JML 1.3.1 Overview JML, the Jav
Page 145 and 146:
The Usage of CANAPA is fairly strai
Page 147 and 148:
*@non_null@*/ String str = attribut
Page 149 and 150:
142
Page 151 and 152:
parallel and distributed versions o
Page 153 and 154:
RingElem CextendsRingElem GenPolyno
Page 155 and 156:
RingElem +isZERO():bolean CextendsR
Page 157 and 158:
class constructors with the actual
Page 159 and 160:
plemented via a distributed hash ta
Page 161 and 162:
which are common nowadays. The reus
Page 163 and 164:
Derivative Contract Component Repos
Page 165 and 166:
stepwise execution create Derivativ
Page 167 and 168:
5.4.1 Structural Constraints Struct
Page 169 and 170:
into the conceptual foundation of n
Page 171 and 172:
different implementation and is mor
Page 173 and 174:
the service from the root. It allow
Page 175 and 176:
model: 1. Servlet [6] adapter compo
Page 177 and 178:
y possibly different service, where
Page 179 and 180:
or the fact that widgets extend ser
Page 181 and 182:
174
Page 183 and 184:
The idea of Java 5.0 type inference
Page 185 and 186:
Source := (class | interface)∗ cl
Page 187 and 188:
5. IMPLEMENTATION In order to prese
Page 189 and 190:
Infinite Streams in Java Dominik Gr
Page 191 and 192:
} private static LinkedStream fibon
Page 193 and 194:
of the f stream in order to compute
Page 195 and 196:
Interaction among Objects via Roles
Page 197 and 198:
(a) (b) (c) (d) (e) Figure 1: The p
Page 199 and 200:
class Printer { private int totalPr
Page 201 and 202:
Experiences of using the Dagstuhl M
Page 203 and 204:
Metric Definition Java .class files
Page 205 and 206:
scription of the metric values. Non
Page 207 and 208:
Figure 1: Results from the J-vestig
Page 209 and 210:
an error is subsequently generated
Page 211 and 212:
3. BASIC TERMINOLOGY As object-orie
Page 213 and 214:
• subtyping • (implementation)
Page 215 and 216:
Improving the Quality of Programmin
Page 217 and 218:
Results of online checks (shortened
Page 219 and 220:
212
Page 221 and 222:
214
Page 223 and 224:
Experiences With Hierarchy-Based Co
Page 225 and 226:
Sub View Child DataField 0..n Ke
Page 227 and 228:
Figure 8 - Actual State Charts elem
Page 229 and 230:
associations, which may result in r
Page 231 and 232:
M3PS: A Multi-Platform P2P System B
Page 233 and 234:
In following, we will explain in de
Page 235 and 236:
Figure 10. JDP in Windows XP. Figur
Page 237 and 238:
Mapping Clouds of SOA- and Business
Page 239 and 240:
the technical SOA events (from the
Page 241 and 242:
component and the business process
Page 243 and 244:
Figure 13. “Business Value of Dat
Page 245 and 246:
Solaris of SUN. This platform provi
Page 247 and 248:
status change of an application is
Page 249 and 250:
coming up, is presently discussing
Page 251:
ISBN: 3-939352-05-5 ISBN: 978-3-939
show all

4th International Conference on Principles and Practices ... - MADOC

Create successful ePaper yourself

Delete template?

Save as template?