History for JavaSecurityModel
A summary of the Java Security Model

I've taken a cursory look at the "Java 1.2 Security", http://java.sun.com/products/jdk/1.2/docs/guide/security/, model for comparison with Zope's present and future models. If I've gotten anything wrong or missed something important, I hope someone will correct me.

Java's security model is based on *classes*, Permissions, Policies, and programmer-performed run-time permission checks.

Permissions -- "Permissions", http://java.sun.com/products/jdk/1.2/docs/guide/security/spec/security-spec.doc3.html, are abstract objects. They are defined by a permission class and 0 or more string parameters. Examples:

  - java.lang.RuntimePermission("exitVM")

  - java.net.SocketPermission("*.com", "connect")

  - java.io.FilePermission("myfile", "read,write")

  Permissions can imply other permissions.

Policies -- "Policies", http://java.sun.com/products/jdk/1.2/docs/guide/security/spec/security-spec.doc3.html#20128, define *which classes have which permissions*. Policies do *not* express *what permissions are needed to use a class*.

  Policies seem to be global settings. There doesn't seem to be any notion of server apps that provide different policies for different human users.

  Policies are assigned to classes based *either* on **class location** or on the **class provider** (*owner*) as expressed through a cryptographic signature, where the signature is contained in a '.jar' file.

The last piece of the puzzle is defining what permissions are needed to perform actions. This is done through explicit checks in Java code. When a bit of code wants to perform some action that should be protected, the code makes an explicit call to check whether the calling **classes** have the necessary permission::

  SecurityManager security = System.getSecurityManager();
  if (security != null) {
      FilePermission perm = new FilePermission("path/file", "read");
      security.checkPermission(perm);
  }

This seems too hard. There must be an easier way, but I haven't found it. (I haven't tried that hard, someone please correct me if I'm wrong.)

Note that I said **"classes"** above. Normally, **every class in the call stack** must have the specified permission or a permission that *implies* the specified permission. *Eek!* There is a way to short-circuit this so that the check only goes up to a specified boundary.
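The check pattern above, as an added example that is not part of the original page: a guarded operation built on checkPermission, together with the implies() relation that lets a policy grant (here by codeBase) cover the more specific permissions the code asks for. The class ReportStore, the permission name "report.export" and the policy text are assumptions.

```java
import java.io.FilePermission;
import java.security.BasicPermission;
import java.security.Permission;
// Added example, not from the original page. ReportStore and the permission
// name "report.export" are assumptions. A policy granting what this class
// asks for, by code location, would read (constructed):
//   grant codeBase "file:/opt/app/lib/-" {
//       permission java.io.FilePermission "/tmp/-", "read";
//       permission ReportStore$ReportPermission "report.*";
//   };
public class ReportStore {
    // Custom permission. BasicPermission gives dotted names with a trailing
    // "*" wildcard, so "report.*" implies "report.export", the same scheme
    // java.lang.RuntimePermission uses.
    public static final class ReportPermission extends BasicPermission {
        public ReportPermission(String name) { super(name); }
    }

    // The guarded operation, following the checkPermission pattern above.
    // With a SecurityManager installed, checkPermission walks the whole
    // call stack; any class on it that the policy has not granted the
    // permission (or one implying it) makes it throw SecurityException.
    public static String exportReport(String path) {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(new ReportPermission("report.export"));
            sm.checkPermission(new FilePermission(path, "read"));
        }
        return "exported " + path;   // stand-in for the real work
    }

    // Whether a policy grant (granted) covers what code asks for (needed):
    // this implies() relation is what checkPermission evaluates per class.
    public static boolean covers(Permission granted, Permission needed) {
        return granted.implies(needed);
    }

    public static void main(String[] args) {
        // "/tmp/-" is the recursive form: every path below /tmp.
        System.out.println(covers(new FilePermission("/tmp/-", "read,write"),
                                  new FilePermission("/tmp/reports/q1", "read")));
        // A read-only grant checked against a write request on the same file.
        System.out.println(covers(new FilePermission("/tmp/reports/q1", "read"),
                                  new FilePermission("/tmp/reports/q1", "write")));
        System.out.println(covers(new ReportPermission("report.*"),
                                  new ReportPermission("report.export")));
        System.out.println(exportReport("/tmp/reports/q1"));
    }
}
```

The checks only fire when a SecurityManager is installed; since Java 17 the SecurityManager is deprecated for removal (JEP 411), so on modern JDKs this guard pattern is a no-op unless one is explicitly enabled.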