Getting security policies right in a distributed environment is
difficult; getting information back when things break in deployment is
also difficult.
What would be nice is a service you can utilise to give you a list of
failed security checks and the failed ProtectionDomains.
ProtectionDomain isn't Serializable and neither is ClassLoader (although
PreferredClassLoader overrides toString()).
But we could call ProtectionDomain.toString() and serialize that.
I thought about using RemoteEvents; however, an attacker could use this
for DoS attacks. Instead, each node could register a SecurityAudit
service with the lookup service. It would be up to an administrator
client to contact it.
Then you could use that service to periodically retrieve a list of
failed permission checks.
Or, we could log it? But logging doesn't seem to work too well from the
extension classloader...
But if we did use logging we could create a remote logger service, where
an administrator could inspect logs remotely...
Not sure...
Thoughts?
Regards,
Peter.
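
The pull-style audit idea from the message above, as an added Java example that is not part of the original message or of any existing library: failed checks are stored as Serializable snapshots built from ProtectionDomain.toString(), in a bounded buffer that an administrator client drains on request. The names SecurityAuditBuffer, FailedCheck, check and drain are hypothetical, the caller is assumed to supply the domains to test, and the sample domain in main() is constructed.

```java
import java.io.Serializable;
import java.security.*;
import java.util.*;

/** Hypothetical audit buffer; every name in this class is an assumption. */
public class SecurityAuditBuffer {
    /** ProtectionDomain is not Serializable, so only its toString() is kept. */
    public static final class FailedCheck implements Serializable {
        private static final long serialVersionUID = 1L;
        public final long timestamp = System.currentTimeMillis();
        public final String permission, domain;
        FailedCheck(Permission p, ProtectionDomain pd) {
            permission = p.toString();
            domain = pd.toString();
        }
    }
    private final Deque<FailedCheck> failures = new ArrayDeque<>();
    private final int capacity;

    public SecurityAuditBuffer(int capacity) { this.capacity = Math.max(1, capacity); }

    /** Records every domain that does not imply p; returns true if all of them do. */
    public synchronized boolean check(Permission p, ProtectionDomain... domains) {
        boolean ok = true;
        for (ProtectionDomain pd : domains) {
            if (!pd.implies(p)) {
                // Bounded buffer: a flood of failures evicts the oldest entries
                // instead of growing memory without limit.
                if (failures.size() >= capacity) failures.removeFirst();
                failures.addLast(new FailedCheck(p, pd));
                ok = false;
            }
        }
        return ok;
    }

    /** Pull-style retrieval: the client asks for the list; the node pushes nothing. */
    public synchronized List<FailedCheck> drain() {
        List<FailedCheck> out = new ArrayList<>(failures);
        failures.clear();
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample domain that is granted only one property read.
        CodeSource cs = new CodeSource(java.net.URI.create("file:/constructed/example.jar").toURL(),
                (java.security.cert.Certificate[]) null);
        Permissions perms = new Permissions();
        perms.add(new PropertyPermission("user.name", "read"));
        SecurityAuditBuffer audit = new SecurityAuditBuffer(100);
        audit.check(new java.io.FilePermission("/tmp/constructed", "read"), new ProtectionDomain(cs, perms));
        for (FailedCheck f : audit.drain()) System.out.println(f.permission + " denied for " + f.domain);
    }
}
```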