I have to confess to being confused by the proxy layer. I'm probably being
dense here, but what do they do that normal EJB role based security
doesn't do? When you say 'custom' do you mean it's something I write to
include whatever advanced authorization checks I need to do? If so, then I
see the purpose. If not, I'm still confused - what are the advantages of
the proxies?
On Mon, 12 Feb 2001, Scott M Stark wrote:
>
> The contrib security is a work in progress that extends the current JBoss
> security architecture to provide support for a security proxy layer. The
> goal is to allow custom security to be added to an EJB as a layer that
> is independent of the EJB business object. This is done by adding two
> types of security proxies; a stateless proxy and a stateful proxy. Both
> proxies implement the business interface method of the EJB and are
> given the opportunity to perform security checks on a per method basis by
> a patched version of org.jboss.ejb.plugins.SecurityInterceptor. The
> difference between a stateless and stateful proxy is that a stateful proxy
> has a reference to the EJB implementation object it is securing. See the
> StatelessSIDiagram in the contrib/security/docs directory for a sequence
> diagram illustrating the key steps in the method invocation security layer.
>
> The basic extension is independent of JAAS, but the bulk of the contrib
> work demonstrates a JAAS based version. The following elements are included
> in the release:
>
> - A new SRPLoginModule that provides a cryptographically secure login
> mechanism. This is an implementation of RFC2945, the
> 'Secure Remote Password' cryptographic authentication system developed
> by Tom Wu ([EMAIL PROTECTED]).
> From an abstract of a paper by Wu:
> <cite>
> ... a new password authentication and key-exchange protocol suitable for
> authenticating users and exchanging keys over an untrusted network. The
> new protocol resists dictionary attacks mounted by either passive or active
> network intruders, allowing, in principle, even weak passphrases to be used
> safely. It also offers perfect forward secrecy, which protects past sessions
> and passwords against future compromises. Finally, user passwords are stored
> in a form that is not plaintext-equivalent to the password itself, so an
> attacker who captures the password database cannot use it directly to
> compromise security and gain immediate access to the host. This new protocol
> combines techniques of zero-knowledge proofs with asymmetric key exchange
> protocols and offers significantly improved performance over comparably
> strong extended methods that resist stolen-verifier attacks such as Augmented
> EKE or B-SPEKE.
> </cite>
> See http://www-cs-students.stanford.edu/~tjw/srp/ for details on SRP.
>
> - A custom implementation of the javax.security.auth.Policy and
> javax.security.auth.login.Configuration classes that combines the notions
> of user authentication and authorization into a multiple security domain
> notion. Each security domain can define its own login module stack and user
> based permissions. The authentication and authorization information is
> accessed through a store abstraction (IAppPolicyStore) that allows for
> integrating with arbitrary security stores.
>
> - An XML based implementation of IAppPolicyStore that allows for
> security domain information to be represented by an XML document.
>
> - A sample implementation of a JAAS based security proxy to demonstrate
> the usage of the contrib security elements.
>
> The contrib security code is currently implemented as a patch to JBoss.
> You need a clean cvs snapshot of JBoss in order to build a JBoss server
> that includes the security extensions. See the JAAS_Setup_Steps.html doc
> in contrib/security/docs for the steps on building a patched JBoss server.
>
> The purpose of this release is to solicit feedback with regard to the
> design and usability of the security proxy mechanism. One key question is
> whether this should be integrated into the core JBoss layer or left as
> a security extension. The design of JBoss can easily support both approaches.
>
> Getting Started
> To get started with the security extension layer, obtain the contrib security
> snapshot from cvs:
>
> 784>cvs -d :pserver:[EMAIL PROTECTED]:/products/cvs/ejboss login
> (Logging in to [EMAIL PROTECTED])
> CVS password: anon
> 785>cvs -d :pserver:[EMAIL PROTECTED]:/products/cvs/ejboss co contrib/security
> cvs server: Updating contrib/security
> ...
>
> You can either just browse the docs and source code, or build a patched JBoss
> server by following the steps outlined in contrib/security/docs/JAAS_Setup_Steps.html
>
>
>
--
Dan Christopherson (danch)
nVisia Technical Architect (www.nvisia.com)
Opinions expressed are mine and do not necessarily reflect any
position or opinion of nVISIA.
---------------------------------------------------------------------------
If you're a capitalist and you have the best goods and they're
free, you don't have to proselytize, you just have to wait.
-Eben Moglen
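
An added illustration of the proxy layer described in the quoted announcement, not code from either poster or from the JBoss contrib tree: a stateless and a stateful proxy implement the bean's business interface and are called with the same method and arguments before the bean. Every name here (`Account`, `AccountBean`, `StatelessProxy`, `StatefulProxy`, `invoke`) is hypothetical, and passing the caller as an argument is a simplification of what a container would supply.

```java
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
// Hypothetical names throughout; none of these are JBoss classes.
public class SecurityProxyDemo {
    // Business interface shared by the bean and its security proxies.
    public interface Account { void withdraw(String caller, long cents); }

    // Business object: carries no security logic of its own.
    static class AccountBean implements Account {
        final String owner; long balance;
        AccountBean(String owner, long balance) { this.owner = owner; this.balance = balance; }
        public void withdraw(String caller, long cents) { balance -= cents; }
    }

    // Stateless proxy: can only judge the call's arguments.
    static class StatelessProxy implements Account {
        public void withdraw(String caller, long cents) {
            if (cents <= 0 || cents > 50_000) throw new SecurityException("amount outside policy");
        }
    }

    // Stateful proxy: holds the bean instance, so checks can use its state.
    static class StatefulProxy implements Account {
        private final AccountBean bean;
        StatefulProxy(AccountBean bean) { this.bean = bean; }
        public void withdraw(String caller, long cents) {
            if (!bean.owner.equals(caller)) throw new SecurityException(caller + " is not the owner");
        }
    }

    // Stand-in for the interceptor: run the same method on each proxy, then on the bean.
    static void invoke(Account[] proxies, Account bean, String name, Object... args) throws Exception {
        Method m = Account.class.getMethod(name, String.class, long.class);
        try {
            for (Account p : proxies) m.invoke(p, args);   // a throw here vetoes the call
            m.invoke(bean, args);                          // reached only if every check passed
        } catch (InvocationTargetException e) {
            throw (Exception) e.getCause();                // surface the proxy's SecurityException
        }
    }

    public static void main(String[] a) throws Exception {
        AccountBean bean = new AccountBean("alice", 100_000);   // constructed sample data
        Account[] proxies = { new StatelessProxy(), new StatefulProxy(bean) };
        invoke(proxies, bean, "withdraw", "alice", 20_000L);    // owner, within limit: allowed
        try { invoke(proxies, bean, "withdraw", "bob", 20_000L); }
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
        System.out.println("balance=" + bean.balance);
    }
}
```

The ownership check in `StatefulProxy` depends on instance state, which is the kind of rule a declarative role list on the method cannot express.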