您好,欢迎访问三七文档
当前位置:首页 > 商业/管理/HR > 销售管理 > 软件构件与中间件技术14-安全服务
linhp@ss.pku.edu.cnJavaJ2EE (secrecy attack) – (integrity attack) – (availability attack) – (denial-‐of-‐service attack) – – – – – 12341 DES(DataEncryptionStandard)56 3-DES:DESDES RC2RC42048 RC5 RSA RivestShamirAdleman Diffie-Hellman MD2128 MD4128 MD5128 SHA160 MACWhat you haveWhat you knowWhat you are Principal– – Credential Authorization SecurityDomain SecurityPolicyDomainrealm SecurityTechnologyDomain Kerberos ACLIP…… /(CRL) IP IP IP IP(IPSec) AH ESPEncapsulatingSecurityPayload 护 IPTCPIPIPIPSecTCP IPIPSecIP TCP传输层 SSL Java Java JCA Java Java JAAS Java JSSE Java JCE JavaJCAjavaJCAJCAJCAJavaJCEProviderJavaJavax.crypto.specJavax.security.certJava javax.security.auth.spi 12 EJB (infrastructure) (policy) EJB 2JAVA 1 2 1 2 JAVA 3 4 JAAS 3 2 3 4 5 5 JAAS JAVA JAAS Subject CertificatePrincipalPolicyLoginContextLonginModuleCallback Callbackhandler JAASjavax.security.authPublicfinalclassSubjectimplementSerializable{……publicstaticObjectdoAs(Subjectsubject,PrivilegedActionaction);//publicstaticObjectdoAsPrivileged(Subjectsubject,PrivilegedActionaction,AccessControlContextacc);//publicbooleanequals(Subjecto);//publicSetgetPrincipals();//publicSetgetPrivateCredentials();//publicSetgetPublicCredentials();//publicstaticSubjectgetSubject(finalAccessControlContextacc);//AccessControlContextpublicinthashCode();//publicbooleanisReadOnly();//publicvoidsetReadOnly();//publicStringtoString();//} java.security.certPublicabstractclassCertificateimplementsjava.io.Serializable{publicfinalStringgetType();//publicbooleanequals(Objectother);//publicinthashCode();//publicabstractbyte[]getEncoded();//publicabstractvoidverify(PublicKeykey);//publicabstractPublicKeygetPublicKey();publicabstractStringtoString();//} java.securitypublicinterfacePrincipal{publicbooleanequals(Objectanother);//publicStringtoString();//publicinthashCode();//publicStringgetName();//} java.securitypublicabstractclassPolicy{publicstaticPolicygetPolicy();//staticPolicygetPolicyNoCheck();publicstaticvoidsetPolicy(Policypolicy);//publicabstractPermissionCollectiongetPermission(CodeSourcecodesource);//publicabstractvoidrefresh();//} javax.security.auth.loginpublicclassLoginContext{publicabstractbooleanlogin();publicabstractbooleancommit();publicSubjectgetSubject();} javax.security.auth.spiSPIPublicinterfaceLoginModule{publicabstractvoidinitialize(Subjectsubject,CallbackHandlercallbackhandler,Mapmap,Mapmap1);publicabstractbooleanlogin();publicabstractbooleancommit();publicabstractbooleanabort();publicabstractbooleanlogout();} EJB EJB(Principal) EJB Caller’ssecuritycontext javax.ejb.EJBContext java.security.PrincipalgetCallerPrincipal();! BooleanisCallerInRole(StringroleName);! java.lang.IllegalStateException!publicclassEmployeeServiceBeanimplementsSessionBean{!EJBContextejbContext;!publicvoidchangePhoneNumber(...){!!...!!ContextinitCtx=newInitialContext();!!Objectresult=initCtx.lookup(java:comp/env/ejb/EmplRecord);!!EmployeeRecordHomeemplRecordHome=!!(EmployeeRecordHome)javax.rmi.PortableRemoteObject.!!!narrow(result,EmployeeRecordHome.class);!!callerPrincipal=ejbContext.getCallerPrincipal();!!callerKey=callerPrincipal.getName();!!EmployeeRecordmyEmployeeRecord=!!!emplRecordHome.findByPrimaryKey(callerKey);!!myEmployeeRecord.changePhoneNumber(...);!!...!}!}!isCallerInRole(StringroleName)! public class PayrollBean ... { EntityContext ejbContext; public void updateEmployeeInfo(EmplInfo info) { oldInfo = ... read from database; // The salary field can be changed only by callers // who have the security role payroll if (info.salary != oldInfo.salary && !ejbContext.isCallerInRole(payroll)) { throw new SecurityException(...); } … } ... } security-role-ref!!!description…/description!!role-name…/role-name!/security-role-ref!enterprise-beans!entity!ejb-nameAardvarkPayroll/ejb-name!...!security-role-ref!!description!!Thissecurityroleshouldbeassignedtotheemployeesofthe!payrolldepartmentwhoareallowedtoupdateemployees’!salaries.!!/description!!role-namepayroll/role-name!/security-role-ref! (securityview) ejb-jar / Securityrole Asemanticgroupingofpermissions Methodpermission EJBHomeRemote assembly-descriptor!security-role!!description!!Thisroleincludestheemployeesofthe!!enterprisewhoareallowedtoaccessthe!!employeeself-serviceapplication.Thisrole!!isallowedonlytoaccesshis/herown!!information.!!/description!!role-nameemployee/role-name!/security-role!-(1) 1 EJBmethod!!ejb-na
本文标题:软件构件与中间件技术14-安全服务
链接地址:https://www.777doc.com/doc-1602532 .html