On 8/18/2011 10:16 PM, Peter Firmstone wrote:
Getting security policies right in a distributed environment is difficult,
getting information back when things break in deployment is also difficult.
What would be nice is a service you can utilise to give you a list of failed
security checks and the failed ProtectionDomain's.
ProtectionDomain isn't Serializable and neither is ClassLoader (although
PrefferedClassLoader overrides toString()).
But we could call ProtectionDomain.toString() and serialize that.
I thought about using RemoteEvent's, however an attacker could use this for DOS
attacks. Instead, each node could register a SecurityAudit service with the
lookup service. It would be up to an administrator client to contact it.
Then you could use that service to periodically retrieve a list of failed
permission checks.
Or, we could log it? But logging doesn't seem to work too well from the
extension classloader...
But if we did use logging we could create a remote logger service, where an
administrator could inspect logs remotely...
My logman.dev.java.net project provides this with command line activation. Just
set the LogManager class, and the configuration file, and you get remotely
accessible logging as well as configuration of log levels.
Gregg
