avalon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nader Aeinehchi" <na...@aeinehchi.com>
Subject Re: Merlin Security
Date Thu, 13 May 2004 19:40:19 GMT
Hi Aaron

> Usually.  I've had trouble when embedding various containers into one
> another.  For example, embedding OpenJMS into Merlin.  Or using sun's COMM
> API which checks the security manager before looking for the
> javax.comm.properties file.

This is exactly where things get complicated.  To my knowledge, there are
two central elements in authorization model of Java:
SecurityManager(AccessController) and Policy object.
For all practical purposes SecurityManager is equal to AccessController,
just that you can subclass from SecurityManager and not AccessController.

These classes take effect by:

System.setSecurityManager(your security manager)
Policy.setPolicy(your policy object)

And there may be only one instance of these classes per JVM.

So if you start the first container (say Merlin) in security mode by making
the above calls, and later on try to start the second container (say
OpenJMS) also in security mode by making the same calls, you would get a
problem.  Of course, the problem can be solved if the first container (say
Merlin) grants the second container(say OpenJMS) enough privileges to make
the above calls.  However, in most of the cases, the owner of the first
container never wants such a thing to happen.

I think there is one probable solution: define various containers (and
components and applications) as realms and let each of them have their own
Policy object.  Develop a Realm Manager.  Let the first security manager and
policy object to understand the realms where each realm takes a Policy
object as parameter.

The next challenge is to let Merlin itself be embedded in another container.
I have not found a good solution yet, but I think the solution could be to
let Merlin define itself as a realm in the underlying container.




Best Regards

--
Nader Aeinehchi
Aasenhagen 66 E
2020 Skedsmokorset
NORWAY
Direct and Mobile +47 41 44 29 57
Tel (private): +47 64 83 09 08
Fax +47 64 83 08 07
www.aeinehchi.com

----- Original Message -----
From: "Farr, Aaron" <Aaron.Farr@am.sony.com>
To: "'Avalon Developers List'" <dev@avalon.apache.org>
Sent: Thursday, May 13, 2004 8:48 PM
Subject: RE: Merlin Security


>
>
> > -----Original Message-----
> > From: Nader Aeinehchi [mailto:nader@aeinehchi.com]
> >
> > You should rather use the following way which ensures only your policy
> > file is in control
> > -Djava.security.policy==$MERLIN_HOME/bin/security.policy
>
> I knew about the JRE security definitions but I didn't know about the
double
> equals for overriding them.  Thanks.
>
> > 2. Keep yourself to standard policy file as long as you can.
> > Most of the time, the standard policy file from Sun provides the desired
> > functionality and probably more.
>
> Usually.  I've had trouble when embedding various containers into one
> another.  For example, embedding OpenJMS into Merlin.  Or using sun's COMM
> API which checks the security manager before looking for the
> javax.comm.properties file.
>
> > 5. If you decide to let Merlin be the top-most container, and thus the
one
> > that starts security manager, consider the following:
>
> <snip/>
>
> These are issues we will need to consider when finalizing the Merlin
> security features.  As Alex mentioned, if you want to help, you're more
than
> welcome!
>
> J. Aaron Farr
>   SONY ELECTRONICS
>   DDP-CIM
>   (724) 696-7653
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@avalon.apache.org
> For additional commands, e-mail: dev-help@avalon.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@avalon.apache.org
For additional commands, e-mail: dev-help@avalon.apache.org


Mime
View raw message