4th International Conference on Principles and Practices ... - MADOC

More documents

Recommendations

Info

Class JDOHelper creates 0..* Interface PersistenceManagerFactory manages 0..* Interface PersistenceManager Class JDOSecureHelper creates 0..* Class PMFProxy Interface Interface Permission Permission forwards 1 Class PMFInvocation Handler 1 checks manages Class JDOSecurity Action 1 0..* run Class PMProxy forwards 1 Class PMInvocation Handler has 1 Class JDOUser Class JDOQuery Permission Class JDOMakePersistent Permission Class JDODeletePersistence Permission Figure 6: Using the Dynamic Proxy Approach to Implement User Authorization 3.4 The Authorization Process JDOSecure enables the set-up of user specific permissions in order to allow or disallow the invocation of PersistenceManager methods. As already mentioned, a user receives a proxy of a PersistenceManager instance (PMProxy) by invoking the getPersistenceManager() method. Thus, JDOSecure is able to use the assigned PMInvocationHandler to validate, if an authenticated JDOUser has the permission to make a specific method invocation. The permissions are located in a separate policy-file and can be individually defined for any user. Currently, JDOSecure distinguishes between different permissions (Table 1) in order to restrict the access to the different PersistenceManager methods. JDOSecure also enables the limitation of user permissions to a certain package or a specific class. For instance, the permission to invoke the makePersistent() method could be defined for a package org.test.sample and a single user ”sampleuser” as following: grant Principal JDOUser "sampleuser"{ permission JDOMakePersistentPermission "org.test.sample.*"; } In order to validate if a user has the permission to invoke a specific PersistenceManager method, a JDOSecurityAction instance will be constructed and passed to the static doAs(subject, action) method of the Subject class. Consequently, the validation of a user permission is delegated to the AccessController as part of the Java 2 Security Architecture. If a user has the appropriate permission to invoke a specific PersistenceManager method, the method call is forwarded to the original PersistenceManager instance. If not, a Java SecurityException is thrown and the access to the JDO resource is rejected. Even this approach allows one to restrict the creation, query and deletion of PersistentCapable instances, it is not suitable for the JDO update process. This problem is addressed in the next section. 3.5 JDOSecure and the Update of Object Attributes JDO introduces the concept of transparent persistence and consequently JDO doesn’t provide any additional methods to update object attributes or flushing instances to the data store. The security mechanism as described above, to verify user permissions when invoking methods of the JDO API, does not work in case of JDO updates. As already mentioned, the JDO enhancer modifies regular Java classes in order to implement the PersistentCapable interface. Additionally, all setter methods are modified, that they do not change attributes directly. Instead, by invoking a setter method, an associated StateManager instance will be notified. This StateManager is responsible to update the attributes in the corresponding PersistentCapable instance as well as to propagate these updates to the database. The idea in this context is to replace the StateManager by another proxy and to validate the user permissions in the corresponding InvocationHandler instance. As defined in the JDO specification, a StateManager instance will be created by the JDO implementation with the invocation of the PersistenceManager methods makePersistent(...), makePersistentAll(...), getExtent(...), getObjectById(...) as well as the execute(...) method of the Query instance. With the use of JDOSecure, the user does not interact with the PersistenceManager directly, but with the PMInvocationHandler instance. Before JDOSecure returns a PersistentCapable instance to the user, replacing the corresponding StateManager by a proxy becomes possible. In order to implement this approach in JDOSecure, the PMInvocationHandler accesses the private jdoStateManager field by using the java.lang.reflection API to construct a dynamic proxy for the StateManager. In a second step, the PMInvocationHandler replaces the reference to the StateManager in the PersistentCapable instance with the proxy. The technical details like security issues when accessing private fields by using the java.lang.reflection API and other complications (e.g. the jdoReplaceStateManager(...) method of a StateManager) have been disregarded in order to improve 89
Methods of a PersistenceManager, that Necessary permission to invoke the according require specific permissions to be method for a specific class or package: executed in the context of JDOSecure: makePersistent(..) JDOMakePersistentPermission < Class > makePersistentAll(..) deletePersistent(..) JDODeletePersistentPermission < Class > deletePersistentAll(..) getExtent(..) JDOQueryPermission < Class > Query.execute(..) - JDOUpdatePermission < Class > Table 1: JDOSecure Permissions clarity. However, JDOSecure enables the access control of the JDO update mechanism by introducing another proxy and a JDOUpdatePermission. As all other JDOSecure permissions, the JDOUpdatePermission could be specified individually for every user and a specific package or class. 4. THE MANAGEMENT OF USERS, ROLES, AND PERMISSIONS IN JDOSE- CURE This section focusses on the management of users, roles, and permissions in JDOSecure. At first, the interaction between the users, roles, and permissions management system and JDOSecure will be described. Subsequently, the domain model of the users, roles and permissions management system will be outlined and the application to maintain the appropriate information will be introduced. 4.1 Interaction between the Users, Roles, and Permissions Management System and JDOSecure The JDOSecure users, roles, and permissions management system allows to store the information which is necessary for authentication and authorization in a separate JDO resource. The interaction between the management component and JDOSecure on level of the application layer is illustrated in Figure 7. The left part of this illustration corresponds to Figure 4. The right part describes the schematic architecture of the users, roles, and permissions management system consisting of the administration utility, a users, roles, and permission management component, a JDO-Implementation and a separated JDO resource in order to store the administration-data. The UML Component diagram in Figure 8 represents the interaction more in detail. Since JDOSecure uses JAAS, the abstract Java class Policy and the JAAS interface LoginModule are used as interfaces. The JDOLoginModule class implements the interface javax.security.auth.spi.LoginModule and the class JDOPolicy extends the abstract class java.security.Policy. The class JDOLoginModule implements the PAM standard and enables the access to the necessary data like user name and password for the authentication process. In order to enable JAAS to use the JDOLoginModule to authenticate users at runtime, the JAAS Login Configuration file has to be adapted previously [12]. The instance of LoginContext, which will be constructed by the JDOSecureHelper, analyzes the configuration file Application and JDOSecure GUI Anwendung Application Anwendung JDOSecure Anwendung JDO Web- Browser Primary JDO-Ressource Management of Users, Roles, and Permissions Users, Roles, and Permissions Management Administration Anwendung Utility Anwendung JDO JDO-Ressource (Users, Roles, and Permissions) Presentation Layer Application Layer Database Layer Figure 7: Binding between the Users, Roles, and Permissions Management System and JDOSecure and determines, which Login-Modul has to be used for the authentication process. As mentioned in Figure 5, the JDOCallbackHandler passes the parameters user identification and password to the JDOLoginModule. If a Credential object in the JDO resource matches the same user identification and password, the authentication process completed successful. In this case the JDOLoginModule passes all Principal objects that are associated with the Credential object to the LoginContext. Finally, JAAS adds these Principal objects to the current session (Subject). The class JDOPolicy extends the default Java Policy implementation and grants access to the data for authorizing the users (Principal objects, permissions). In order to enable the JDOPolicy class to perform the authorization process, an instance of this class has to be constructed and activated for the entire JVM at run-time. In order to manage the authorization process, the JDOPolicy instance detects the permissions of all Principal objects assigned to the current session as well as the permissions granted to a CodeSource 2 object. In order to achieve data store independency, the permissions are mapped into a JDO resource and could be directly accessed from the 2 A CodeSource object encapsulates a code-base (java.net.URL) and public key certificates of the classes being loaded. 90
Page 1 and 2:
Edited by: Ralf Gitzel, Markus Alek
Page 3 and 4:
Message from the Chairs Dear confer
Page 5 and 6:
Sam Midkiff, Purdue University (USA
Page 7 and 8:
Session F: Novel Uses of Java______
Page 10 and 11:
The Project Maxwell Assembler Syste
Page 12 and 13:
tomated assembler and disassembler
Page 14 and 15:
memory address offset mnemonic argu
Page 16 and 17:
5.2 Instruction Templates The assem
Page 18 and 19:
ange for a very short restart/debug
Page 20 and 21:
Tatoo: an innovative parser generat
Page 22 and 23:
In the grammar file an error termin
Page 24 and 25:
Figure 3: Push parsers and lexers L
Page 26 and 27:
eturn visit((Expr)p1, param); } R v
Page 28:
Session B Program and Performance A
Page 31 and 32:
Table 1: Use of interfaces and deco
Page 33 and 34:
Table 3: Comparison of the situatio
Page 35 and 36:
will trigger the creation of many n
Page 37 and 38:
Appendix A 10 9 8 7 6 5 4 3 2 1 0 1
Page 39 and 40:
Throughout this paper, we make no a
Page 41 and 42:
instrumented program and obtained t
Page 43 and 44:
Figure 5: Investigation of garbage
Page 45 and 46: to the same category—again, this
Page 47 and 48: Investigating Throughput Degradatio
Page 49 and 50: Figure 1: Apache. Throughput degrad
Page 51 and 52: Minor GC Full GC Workload # of Avg.
Page 53 and 54: Figure 6: Comparing memory and pagi
Page 55 and 56: GenRC on the other hand, allows the
Page 58: Session C Mobile and Distributed Sy
Page 61 and 62: ing a continuous buffer for raw dat
Page 63 and 64: the data arrival speed is more impo
Page 65 and 66: public class StreamingClient { publ
Page 67 and 68: importance of β in our aggregation
Page 69 and 70: Enabling Java Mobile Computing on t
Page 71 and 72: A strongly mobile thread has the ab
Page 73 and 74: a context switch occur. The invoked
Page 75 and 76: above phases. Now, the new stack ha
Page 77 and 78: 5 frames 15 frames 25 frames Pure d
Page 79 and 80: Juxta-Cat: A JXTA-based platform fo
Page 81 and 82: Figure 1: JXTA Architecture. 3. JUX
Page 83 and 84: • Send a discovery query to the p
Page 85 and 86: The best candidate is then the one
Page 87 and 88: Local Hosts=2 Hosts=4 Hosts=8 Hosts
Page 90: Session D Resource and Object Manag
Page 93 and 94: Enterprise Edition (J2EE). It enabl
Page 95: As pictured in Figure 4, JDOSecure
Page 99 and 100: Datenmodell abstrahiert user role,
Page 101 and 102: An Extensible Mechanism for Long-Te
Page 103 and 104: missing object references in the de
Page 105 and 106: 4.2 Mapping the name spaces of the
Page 107 and 108: (a) (b) ColorSliderPanel0 color
Page 109 and 110: 8. REFERENCES [1] Abu-Ghazaleh, N.,
Page 111 and 112: permission by process. In other wor
Page 113 and 114: The processor then refers to the en
Page 115 and 116: 1: // Protection domain 2: struct p
Page 117 and 118: Table 3: Frequency of JNI calls tha
Page 119 and 120: [13] Intel Corporation. IA-32 Intel
Page 121 and 122: 01 try { 02 ... 03 } finally { 04 t
Page 123 and 124: 2. FRAMEWORK The Framework for Unif
Page 125 and 126: ManagedInputStream ResourceGroup Ma
Page 127 and 128: 18. throw ‡ 1. release 17. cleanu
Page 129 and 130: 3. FUTURE WORK The ability to split
Page 131 and 132: 124
Page 133 and 134: UML sequence diagrams are among the
Page 135 and 136: diagrams, and behavioral (dynamic)
Page 137 and 138: the official scripting language for
Page 139 and 140: Apache's XML Graphics Project. A cu
Page 141 and 142: Java Debug Interface (JDI). In Revi
Page 143 and 144: 1.3 JML 1.3.1 Overview JML, the Jav
Page 145 and 146: The Usage of CANAPA is fairly strai
Page 147 and 148:
*@non_null@*/ String str = attribut
Page 149 and 150:
142
Page 151 and 152:
parallel and distributed versions o
Page 153 and 154:
RingElem CextendsRingElem GenPolyno
Page 155 and 156:
RingElem +isZERO():bolean CextendsR
Page 157 and 158:
class constructors with the actual
Page 159 and 160:
plemented via a distributed hash ta
Page 161 and 162:
which are common nowadays. The reus
Page 163 and 164:
Derivative Contract Component Repos
Page 165 and 166:
stepwise execution create Derivativ
Page 167 and 168:
5.4.1 Structural Constraints Struct
Page 169 and 170:
into the conceptual foundation of n
Page 171 and 172:
different implementation and is mor
Page 173 and 174:
the service from the root. It allow
Page 175 and 176:
model: 1. Servlet [6] adapter compo
Page 177 and 178:
y possibly different service, where
Page 179 and 180:
or the fact that widgets extend ser
Page 181 and 182:
174
Page 183 and 184:
The idea of Java 5.0 type inference
Page 185 and 186:
Source := (class | interface)∗ cl
Page 187 and 188:
5. IMPLEMENTATION In order to prese
Page 189 and 190:
Infinite Streams in Java Dominik Gr
Page 191 and 192:
} private static LinkedStream fibon
Page 193 and 194:
of the f stream in order to compute
Page 195 and 196:
Interaction among Objects via Roles
Page 197 and 198:
(a) (b) (c) (d) (e) Figure 1: The p
Page 199 and 200:
class Printer { private int totalPr
Page 201 and 202:
Experiences of using the Dagstuhl M
Page 203 and 204:
Metric Definition Java .class files
Page 205 and 206:
scription of the metric values. Non
Page 207 and 208:
Figure 1: Results from the J-vestig
Page 209 and 210:
an error is subsequently generated
Page 211 and 212:
3. BASIC TERMINOLOGY As object-orie
Page 213 and 214:
• subtyping • (implementation)
Page 215 and 216:
Improving the Quality of Programmin
Page 217 and 218:
Results of online checks (shortened
Page 219 and 220:
212
Page 221 and 222:
214
Page 223 and 224:
Experiences With Hierarchy-Based Co
Page 225 and 226:
Sub View Child DataField 0..n Ke
Page 227 and 228:
Figure 8 - Actual State Charts elem
Page 229 and 230:
associations, which may result in r
Page 231 and 232:
M3PS: A Multi-Platform P2P System B
Page 233 and 234:
In following, we will explain in de
Page 235 and 236:
Figure 10. JDP in Windows XP. Figur
Page 237 and 238:
Mapping Clouds of SOA- and Business
Page 239 and 240:
the technical SOA events (from the
Page 241 and 242:
component and the business process
Page 243 and 244:
Figure 13. “Business Value of Dat
Page 245 and 246:
Solaris of SUN. This platform provi
Page 247 and 248:
status change of an application is
Page 249 and 250:
coming up, is presently discussing
Page 251:
ISBN: 3-939352-05-5 ISBN: 978-3-939
show all

4th International Conference on Principles and Practices ... - MADOC

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?