Borland VisiBroker® 7.0 - Borland Technical Publications



JAAS basic concepts

Principals

A principal represents any name associated with a subject. A subject could have multiple names, potentially one for each different service it needs to access. A subject, therefore, comprises a set of principals, such as in the code sample below:

Java

    public interface Principal {
        public String getName();
    }

    public final class Subject {
        public Set getPrincipals();
    }

C++

    class Principal {
    public:
        virtual std::string getName() const = 0;
    };

    class Subject {
    public:
        Principal::set& getPrincipals();
    };

Note: Principals populate the subject when the subject successfully authenticates to a service. You do not have to rely on public keys and/or certificates if your operational environment has no need for such robust technologies.

To return the principal name(s) for a subject from the application context, use getCallerPrincipal.

Principals participating in transactions may not change their principal association within those transactions.

Credentials

In the event that you want to associate other security-related attributes with a subject, you may use what JAAS calls credentials. Credentials are generic security-related attributes like passwords, public-key certificates, and such. Credentials can be any type of object, allowing you to migrate any existing credential information or implementation into JAAS. Or, if you want to keep some authentication data on a separate server or other piece of hardware, you can simply store a reference to the data as a credential. For example, you can use JAAS to support a security-card reader.

Public and private credentials

Credentials in JAAS come in two types, public and private. Public credentials do not require permissions to access them. Private credentials require security checks. Public credentials could contain public keys, and such, while private credentials are private keys, encryption keys, sensitive passwords, and such.
Consider the following subject:

Java

    public final class Subject {
        ...
        public Set getPublicCredentials();
    }

C++

    class Subject {
    public:
        Credential::set& getPublicCredentials();
    };

No additional permissions are necessary to retrieve the public credentials from the subject; private credentials are the exception.
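To make the principal and credential sets above concrete, here is an added Java example using the standard javax.security.auth.Subject API; it is not code from the VisiBroker guide or from VisiSecure. One subject carries several principals (a different name for each service), a public credential (a freshly generated RSA public key) and a private credential (a constructed sample password). The ServicePrincipal class, the names and the password are assumptions made for the example. It also shows setReadOnly(), which freezes the sets so a principal association cannot change while the subject is in use, and wipes the private credential once it is no longer needed.

```java
import java.security.KeyPairGenerator;
import java.security.Principal;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Objects;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

// Hypothetical principal type: the name a subject is known by at one service.
// Not a VisiSecure class; any java.security.Principal implementation works the same way.
final class ServicePrincipal implements Principal {
    private final String service;
    private final String name;

    ServicePrincipal(String service, String name) {
        this.service = service;
        this.name = name;
    }

    @Override public String getName() { return name; }
    public String getService() { return service; }

    // Subject keeps principals in a Set, so equals/hashCode decide whether two
    // principals are "the same name" and must be defined.
    @Override public boolean equals(Object o) {
        return o instanceof ServicePrincipal
            && ((ServicePrincipal) o).service.equals(service)
            && ((ServicePrincipal) o).name.equals(name);
    }
    @Override public int hashCode() { return Objects.hash(service, name); }
    @Override public String toString() { return service + ":" + name; }
}

public class SubjectDemo {
    public static void main(String[] args) throws Exception {
        Subject subject = new Subject();

        // One subject, several principals: a different name for each service it accesses.
        Set<Principal> principals = subject.getPrincipals();
        principals.add(new X500Principal("CN=alice, O=Example"));
        principals.add(new ServicePrincipal("ldap", "uid=alice,ou=people"));
        principals.add(new ServicePrincipal("orderdb", "ALICE_APP"));

        // Public credential: an RSA public key (generated here; nothing secret in it).
        PublicKey pub = KeyPairGenerator.getInstance("RSA").generateKeyPair().getPublic();
        subject.getPublicCredentials().add(pub);

        // Private credential: a password (constructed sample value). Under a SecurityManager,
        // reading it requires javax.security.auth.PrivateCredentialPermission.
        char[] password = "s3cret-sample".toCharArray();
        subject.getPrivateCredentials().add(password);

        // Typed views select one kind of principal or credential from the sets.
        for (ServicePrincipal p : subject.getPrincipals(ServicePrincipal.class)) {
            System.out.println("service " + p.getService() + " knows the subject as " + p.getName());
        }
        System.out.println("public credentials: " + subject.getPublicCredentials(PublicKey.class).size());

        // Freeze the subject so its principal associations cannot change while it is in use
        // (the guide: principals may not change their association within a transaction).
        subject.setReadOnly();
        try {
            principals.add(new ServicePrincipal("billing", "alice"));
        } catch (IllegalStateException e) {
            System.out.println("read-only subject rejected a new principal");
        }

        // Private credentials hold secrets: overwrite them once they are no longer needed.
        for (char[] secret : subject.getPrivateCredentials(char[].class)) {
            Arrays.fill(secret, '\0');
        }
    }
}
```

Save both classes in SubjectDemo.java and run with java SubjectDemo (Java 11 or later); without a SecurityManager the private credential read succeeds, which is why the wipe at the end matters for anything that lives longer than the login.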

Private credentials require permission:

Java

    public final class Subject {
        ...
        public Set getPrivateCredentials();
    }

C++

    class Subject {
    public:
        Credential::set& getPrivateCredentials();
    };

For Java, code needs permissions to access the private credentials in a Subject. For C++, all code is local and therefore trusted, so no permission is required to access either public or private credentials. For more information on permissions in Java, consult the JAAS Specification from Sun Microsystems.

Authentication mechanisms and LoginModules

An authentication mechanism represents the encoding/decoding for communicating authentication information between various components of the security subsystem. For example, it represents how LoginModules communicate with the mechanism and how the mechanism on one process communicates with an equivalent mechanism on another process.

VisiSecure includes several common LoginModules for server and client authentication as well as the Security Provider Interface classes for Java and C++ that enable you to “plug-in” security service provider implementations of authentication and identification.

Authentication realms

An authentication realm represents a single user authentication mechanism, customized to point to a datasource which contains user information. This allows the authentication mechanism to be independent of the actual user database and therefore be used with multiple user databases that support the same authentication mechanism. For example, if a vendor writes an authentication module to work with LDAP, that mechanism can then be used to interact with different LDAP directories in different environments, without having to rewrite or otherwise modify the authentication mechanism.

For more information on the authentication realm (user domain), see “Basic security model” on page 9.

LoginModules

A LoginModule defines an authentication mechanism and provides the code to interact with a specific type of authentication mechanism.
Each LoginModule is customized using authentication options that point it to a specific data source and provide other customizable behavior as defined by the author of the LoginModule.

Each LoginModule authenticates to a particular authentication realm (any authenticating body or authentication provider; for example, an NT domain). An authentication realm is represented by a configuration entry in a JAAS configuration file. A JAAS configuration entry contains one or more LoginModule entries with associated options to configure the realm. For more information, see “Associating a LoginModule with a realm” on page 30.
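The following added example shows the realm and LoginModule relationship described above in plain JAAS; it is not one of the LoginModules shipped with VisiSecure and not code from the guide. A single TableLoginModule authenticates against whichever data source its "userTable" option names, so one module serves different realms unchanged, exactly as the guide describes for an LDAP module. The user table, the realm name "Corporate", the option name and the credentials are constructed for the example; a real module would query a directory or database in login(). The configuration entry that would normally live in a JAAS configuration file is shown in a comment and built programmatically so the example runs on its own.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical LoginModule. The "userTable" option selects the data source, so the
// same module is reused across realms without modification.
public class TableLoginModule implements LoginModule {
    // Constructed sample data: table name -> (user -> password).
    private static final Map<String, Map<String, char[]>> TABLES = Map.of(
        "corp", Map.of("alice", "s3cret-sample".toCharArray()));

    // Principal this module commits to the subject on success.
    public static final class UserPrincipal implements Principal {
        private final String name;
        public UserPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof UserPrincipal && ((UserPrincipal) o).name.equals(name);
        }
        @Override public int hashCode() { return name.hashCode(); }
        @Override public String toString() { return "UserPrincipal[" + name + "]"; }
    }

    private Subject subject;
    private CallbackHandler handler;
    private Map<String, ?> options;
    private String user;
    private boolean succeeded;
    private UserPrincipal committed;

    @Override
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
        this.options = options;
    }

    // Phase 1: collect name and password via the callback handler and check them against
    // the table named by the realm's options. No principal is added to the subject yet.
    @Override
    public boolean login() throws LoginException {
        NameCallback nameCb = new NameCallback("user: ");
        PasswordCallback pwCb = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { nameCb, pwCb });
        } catch (IOException | UnsupportedCallbackException e) {
            throw new LoginException("callback failed: " + e.getMessage());
        }
        char[] supplied = pwCb.getPassword();   // returns a copy; clear both afterwards
        pwCb.clearPassword();
        Map<String, char[]> table =
            TABLES.getOrDefault(String.valueOf(options.get("userTable")), Map.of());
        char[] expected = table.get(nameCb.getName());
        boolean ok = expected != null && constantTimeEquals(expected, supplied);
        if (supplied != null) Arrays.fill(supplied, '\0');
        if (!ok) throw new FailedLoginException("unknown user or wrong password");
        user = nameCb.getName();
        succeeded = true;
        return true;
    }

    // Phase 2: the subject receives its principal only once the whole entry succeeded.
    @Override
    public boolean commit() {
        if (!succeeded) return false;
        committed = new UserPrincipal(user);
        subject.getPrincipals().add(committed);
        return true;
    }

    @Override
    public boolean abort() { succeeded = false; user = null; return true; }

    @Override
    public boolean logout() {
        if (committed != null) subject.getPrincipals().remove(committed);
        committed = null; succeeded = false; user = null;
        return true;
    }

    // Compare every character so timing does not reveal where the mismatch is.
    private static boolean constantTimeEquals(char[] a, char[] b) {
        if (b == null || a.length != b.length) return false;
        int diff = 0;
        for (int i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // The same realm as a JAAS configuration file entry would read:
    //   Corporate {
    //       TableLoginModule required userTable="corp";
    //   };
    static Configuration corporateRealm() {
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                if (!"Corporate".equals(name)) return null;
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    TableLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    Map.of("userTable", "corp")) };
            }
        };
    }

    public static void main(String[] args) throws LoginException {
        // Constructed handler standing in for a console or GUI prompt.
        CallbackHandler answers = callbacks -> {
            for (Callback c : callbacks) {
                if (c instanceof NameCallback) ((NameCallback) c).setName("alice");
                else if (c instanceof PasswordCallback)
                    ((PasswordCallback) c).setPassword("s3cret-sample".toCharArray());
                else throw new UnsupportedCallbackException(c);
            }
        };
        LoginContext ctx = new LoginContext("Corporate", new Subject(), answers, corporateRealm());
        ctx.login();   // runs login() then commit() on every module in the entry
        System.out.println("authenticated principals: " + ctx.getSubject().getPrincipals());
        ctx.logout();
        System.out.println("after logout: " + ctx.getSubject().getPrincipals());
    }
}
```

Adding a second realm is only a matter of another configuration entry with a different userTable value; the module code stays the same. The two-phase login()/commit() split is what lets a configuration with several REQUIRED modules leave the subject untouched when any one of them fails.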

