Package java.rmi.constraint

Provides classes to allow both clients and servers to place security constraints on remote calls.

See:
          Description

Interface Summary
RelativeTimeConstraint Implemented by constraints that are expressed in terms of relative time.
SecurityConstraint Defines the interface to security constraints.
 

Class Summary
ClientAuthentication Represents a constraint on authentication of the client to the server.
ClientMaxPrincipal Represents a constraint on the client, such that if the client authenticates itself, then it may only authenticate itself as one or more of the specified principals.
ClientMaxPrincipalType Represents a constraint on the client, such that if the client authenticates itself, then it may only authenticate itself as principals that are instances of one or more of the specified classes.
ClientMinPrincipal Represents a constraint on the client, such that if the client authenticates itself, then it must authenticate itself as at least all of the specified principals.
ClientMinPrincipalType Represents a constraint on the client, such that if the client authenticates itself, then it must authenticate itself such that, for each specified class, at least one authenticated principal is an instance of that class.
Confidentiality Represents a constraint on the confidentiality of message contents.
ConstraintAlternatives Combines constraint alternatives of uniform type into a single overall constraint.
Delegation Represents a constraint on delegation from the client to the server.
DelegationAbsoluteTime Represents a constraint on delegation, such that if delegation is permitted, it be permitted for a range of absolute times.
DelegationRelativeTime Represents a constraint on delegation, such that if delegation is permitted, it be permitted for a range of time measured relative to the start of the remote call.
Integrity Represents a constraint on the integrity of message contents.
SecurityConstraints Combines security constraints.
ServerAuthentication Represents a constraint on authentication of the server to the client.
ServerMinPrincipal Represents a constraint on the server, such that if the server authenticates itself, then it must authenticate itself as at least all of the specified principals.
 

Package java.rmi.constraint Description

Provides classes to allow both clients and servers to place security constraints on remote calls. The basic security constraints are very simple:

Constraints can also be placed on which principals of a client or server subject must be authenticated, and on which principals of a client are permitted to be authenticated: Additional constraints can be placed on the range of time during which delegation is permitted. These time constraints can be expressed either as absolute times (with DelegationAbsoluteTime) or as durations relative to the start of the remote call (with DelegationRelativeTime).

Constraint alternatives of uniform type can be combined into a single overall constraint with ConstraintAlternatives.

The constraint mechanism is designed to be extensible (see TrustVerifier); additional kinds of constraints may be provided in specific implementations.

Constraints come in two basic flavors: requirements and preferences. A requirement is a mandatory constraint that must be satisfied for the remote call. A preference is a desired constraint, to be satisfied if possible, but it will not be satisfied if it conflicts with a requirement; if two preferences conflict, it is generally arbitrary as to which one will be satisfied. Requirements and preferences are combined together with SecurityConstraints.

Overall, constraints come from three sources:

The server can specify different constraints for each remote method, if desired (see RemoteSecurity.getServerConstraints and SecureExportDesc). The server's constraints for a given method apply to all calls to that method by the client. Constraints placed directly on a proxy by a client (see RemoteSecurity.setClientConstraints) apply to all remote calls made through that particular proxy by any thread. Contextual constraints (see Security.doConstrained) apply to all secure remote calls (made through any proxy, to anywhere), by the thread.

The constraint mechanisms are designed such that constraints set by the client do not weaken constraints set by the server, and constraints set by invoked code do not weaken contextual constraints set by the code that invoked it. However, it is certainly possible for entities to specify conflicting requirements, in which case the remote call will not be made.

A secure remote call will be performed only if: the server is capable of satisfying the combined requirements (from all three sources); the combined requirements are supported by the client's underlying RMI runtime implementation; and the calling thread has the requisite permissions (such as AuthenticationPermission) to satisfy the requirements. In addition, both client and server preferences will be satisfied, to the extent possible.

Since:
1.4


Copyright © 2000 Sun Microsystems, Inc. All rights reserved