|
|||||||||
PREV PACKAGE NEXT PACKAGE | FRAMES NO FRAMES |
See:
Description
Interface Summary | |
RelativeTimeConstraint | Implemented by constraints that are expressed in terms of relative time. |
SecurityConstraint | Defines the interface to security constraints. |
Class Summary | |
ClientAuthentication | Represents a constraint on authentication of the client to the server. |
ClientMaxPrincipal | Represents a constraint on the client, such that if the client authenticates itself, then it may only authenticate itself as one or more of the specified principals. |
ClientMaxPrincipalType | Represents a constraint on the client, such that if the client authenticates itself, then it may only authenticate itself as principals that are instances of one or more of the specified classes. |
ClientMinPrincipal | Represents a constraint on the client, such that if the client authenticates itself, then it must authenticate itself as at least all of the specified principals. |
ClientMinPrincipalType | Represents a constraint on the client, such that if the client authenticates itself, then it must authenticate itself such that, for each specified class, at least one authenticated principal is an instance of that class. |
Confidentiality | Represents a constraint on the confidentiality of message contents. |
ConstraintAlternatives | Combines constraint alternatives of uniform type into a single overall constraint. |
Delegation | Represents a constraint on delegation from the client to the server. |
DelegationAbsoluteTime | Represents a constraint on delegation, such that if delegation is permitted, it be permitted for a range of absolute times. |
DelegationRelativeTime | Represents a constraint on delegation, such that if delegation is permitted, it be permitted for a range of time measured relative to the start of the remote call. |
Integrity | Represents a constraint on the integrity of message contents. |
SecurityConstraints | Combines security constraints. |
ServerAuthentication | Represents a constraint on authentication of the server to the client. |
ServerMinPrincipal | Represents a constraint on the server, such that if the server authenticates itself, then it must authenticate itself as at least all of the specified principals. |
Provides classes to allow both clients and servers to place security constraints on remote calls. The basic security constraints are very simple:
Integrity
- making sure that the
data sent over the network is not tampered with by third parties.
Confidentiality
- making sure
that the data sent over the network cannot be interpreted by third parties.
ServerAuthentication
-
proving to the client that the server is executing on behalf of some subject,
so that the call can be terminated if the subject is not trusted by the
client. The flip side of this is anonymity: allowing a server to remain
anonymous when it wants to be.
ClientAuthentication
-
proving to the server that the client is executing on behalf of some subject,
so that the server can perform only those tasks for which the subject is
authorized. The flip side of this is anonymity: allowing a client to remain
anonymous when it wants to be.
Delegation
- allowing the server to
authenticate as the client in its own remote calls, thus allowing the server
to act on a client's behalf when dealing with third party remote servers, in
cases where the identity of the client (not the server) is what matters to the
third party.
ClientMinPrincipalType
and
ClientMaxPrincipalType
constraints.
ClientMinPrincipal
and
ClientMaxPrincipal
constraints,
and server authentication can be restricted with
ServerMinPrincipal
constraints.
DelegationAbsoluteTime
)
or as durations relative to the start of the remote call (with
DelegationRelativeTime
).
Constraint alternatives of uniform type can be combined into a single overall
constraint with
ConstraintAlternatives
.
The constraint mechanism is designed to be extensible (see
TrustVerifier
); additional kinds of
constraints may be provided in specific implementations.
Constraints come in two basic flavors: requirements and preferences. A
requirement is a mandatory constraint that must be satisfied for the remote
call. A preference is a desired constraint, to be satisfied if possible, but
it will not be satisfied if it conflicts with a requirement; if two
preferences conflict, it is generally arbitrary as to which one will be
satisfied. Requirements and preferences are combined together with
SecurityConstraints
.
Overall, constraints come from three sources:
RemoteSecurity.getServerConstraints
and
SecureExportDesc
). The server's
constraints for a given method apply to all calls to that method by the client.
Constraints placed directly on a proxy by a client (see
RemoteSecurity.setClientConstraints
) apply to all remote calls made through
that particular proxy by any thread. Contextual constraints (see
Security.doConstrained
) apply to all
secure remote calls (made through any proxy, to anywhere), by the thread.
The constraint mechanisms are designed such that constraints set by the client do not weaken constraints set by the server, and constraints set by invoked code do not weaken contextual constraints set by the code that invoked it. However, it is certainly possible for entities to specify conflicting requirements, in which case the remote call will not be made.
A secure remote call will be performed only if: the server is capable of
satisfying the combined requirements (from all three sources); the combined
requirements are supported by the client's underlying RMI runtime
implementation; and the calling thread has the requisite permissions (such as
AuthenticationPermission
) to satisfy
the requirements. In addition, both client and server preferences will be
satisfied, to the extent possible.
|
|||||||||
PREV PACKAGE NEXT PACKAGE | FRAMES NO FRAMES |