Segurança sob J2EE

Resumo da Segurança com J2EE/EJB

O modelo de segurança declarativa EJB 1.1

Configuração da segurança declarativa

ejb_11_security_dtd.jpg (72135 bytes)

<!-- ejb-jar.xml excerpt: the logical security roles declared by the
     application assembler. The names are symbolic; binding them to real
     users or groups happens at deployment, outside this descriptor. -->
<assembly-descriptor>
    <!-- Declarative permissions are granted per role and per method.
         The "only his/her own information" restriction described below
         cannot be expressed that way (it depends on the record, not the
         method) and has to be enforced in code, as the security proxy
         example further down this page does. -->
    <security-role>
        <description>
        This role includes the employees of the
        enterprise who are allowed to access the
        employee self-service application. This role
        is allowed only to access his/her own
        information.
        </description>
        <role-name>employee</role-name>
    </security-role>
    <security-role>
        <description>
        This role includes the employees of the human
        resources department. The role is allowed to
        view and update all employee records.
        </description>
        <role-name>hr-department</role-name>
    </security-role>
    <security-role>
        <description>
        This role includes the employees of the payroll
        department. The role is allowed to view and
        update the payroll entry for any employee.
        </description>
        <role-name>payroll-department</role-name>
    </security-role>
...
</assembly-descriptor>

Segurança customizada

    <enterprise-beans>
        ...
        <entity>
            <ejb-name>AardvarkPayroll</ejb-name>
            <ejb-class>com.aardvark.payroll.PayrollBean</ejb-class>
            ...
            <!-- role-name is the name the bean code itself tests, e.g. via
                 EJBContext.isCallerInRole("payroll"); role-link binds that
                 name to the payroll-department role declared in the
                 assembly descriptor. Renaming the assembly role therefore
                 only requires changing the link, not the bean source. -->
            <security-role-ref>
                <description>
                This role should be assigned to the employees of the payroll department.
                Members of this role have access to anyone's payroll record.
                The role has been linked to the payroll-department role.
                </description>
                <role-name>payroll</role-name>
                <role-link>payroll-department</role-link>
                </security-role-ref>
            ...
        </entity>
        ...
    </enterprise-beans>

Segurança Customizada sob JBoss

Criação de um proxy de segurança

<!-- jboss.xml excerpt: JBoss-specific deployment settings. The security-proxy
     element is what adds the instance-level checks that the standard
     ejb-jar.xml roles cannot express. -->
<jboss>
    <!-- use the jboss default "other" security domain -->
    <!-- The security domain names the JAAS login configuration the container
         authenticates callers against; the proxy below only sees the caller
         principal that this domain has already established. -->
    <security-domain>java:/jaas/other</security-domain>
    <enterprise-beans>
      <entity>
        <ejb-name>TradingAccount</ejb-name>
  
        <!-- Specify the proxy class to be used to protect
            this entity -->
        <!-- NOTE(review): the class name appears to be wrapped here for
             display only; in a real descriptor the element text must be a
             single token with no line break or whitespace, otherwise the
             container cannot load the class. -->
        <security-proxy>com.mkeym.customsec.ejb.
           TradingAccountSecurityProxy</security-proxy>

        ...

      </entity>
    </enterprise-beans>
  
    ...  
  </jboss>

Um exemplo simples

jw-0215-ejbsecurity.png (6958 bytes)

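/**
 * JBoss security proxy guarding the {@code TradingAccount} entity bean.
 *
 * The container calls {@link #setEJBContext} and then {@link #invoke} on the
 * same thread before each business method; {@code invoke} vetoes the call by
 * throwing {@link SecurityException}. The {@code init} and {@code invokeHome}
 * callbacks of {@code SecurityProxy} are omitted here, as in the original
 * excerpt.
 *
 * Policies enforced for the {@code buy} and {@code sell} methods:
 * <ol>
 *   <li>the caller must be the owner of the account;</li>
 *   <li>a single transaction value is at most 50,000,000;</li>
 *   <li>the resulting balance must stay strictly within +/-100,000,000.</li>
 * </ol>
 * Any malformed call (missing context, unexpected bean or argument shape) is
 * rejected with {@link SecurityException} as well, so the proxy fails closed.
 */
public class TradingAccountSecurityProxy implements org.jboss.security.SecurityProxy {
   /** Every share costs 100 in this simplified example. */
   private static final long SHARE_PRICE = 100L;
   /** Policy 2: largest value a single transaction may have (inclusive). */
   private static final long MAX_TRANSACTION_VALUE = 50000000L;
   /** Policy 3: balance magnitude that may not be reached (exclusive bound). */
   private static final long MAX_ABS_BALANCE = 100000000L;

   private final Category _log = Category.getInstance(getClass().getName());
   // One context per thread: the container sets it right before invoke()
   // on the thread that will run the business method.
   private final ThreadLocal _ctx = new ThreadLocal();

// ... init and invokeHome methods removed

   /**
    * Stores the context of the current invocation for the calling thread.
    *
    * @param ctx context supplying the caller principal for the next invoke()
    */
   public void setEJBContext(EJBContext ctx) {
      _log.info("setEJBContext " + ctx);
      _ctx.set(ctx);
   }

   /**
    * Checks one business-method call against the account policies.
    *
    * @param m    the business method about to be invoked
    * @param args the arguments of that call; for buy/sell, args[1] is the
    *             share quantity as an {@code Integer}
    * @param bean the target bean instance, expected to be a TradingAccountBean
    * @throws SecurityException if the call violates a policy, or if the
    *         context, bean or arguments are not what the policies require
    */
   public void invoke(Method m, Object[] args, Object bean)
      throws SecurityException {
      if (!(bean instanceof TradingAccountBean))
         throw new SecurityException("Invalid bean instance for security proxy");

      EJBContext ctx = (EJBContext)_ctx.get();
      // Fail closed instead of with a NullPointerException when no context
      // was supplied on this thread.
      if (ctx == null)
         throw new SecurityException("EJB context not available for security proxy");

      String caller = ctx.getCallerPrincipal().getName();
      TradingAccountBean account = (TradingAccountBean)bean;
      String operation = m.getName();

      _log.info("invoke " + operation + " called by " + caller);

      // Only buy and sell are policed; every other method passes through.
      if (!(operation.equals("buy") || operation.equals("sell")))
         return;

      // Validate the argument shape before trusting args[1], so a malformed
      // call is rejected rather than escaping as an ArrayIndexOutOfBounds or
      // ClassCastException.
      if (args == null || args.length < 2 || !(args[1] instanceof Integer))
         throw new SecurityException("invalid arguments for " + operation);
      int qty = ((Integer)args[1]).intValue();

      // 1. A trader can only buy or sell shares through her own account.
      //    A null caller name never matches, so an anonymous call is refused
      //    even if the account id were null as well.
      if (caller == null || !caller.equals(account.getAccountId())) {
         _log.warn("method " + operation + " called on account " + account.getAccountId() +
                   " by invalid user " + caller);
         throw new SecurityException("caller is not the account owner");
      }

      // A negative quantity would invert the direction of the trade (a "buy"
      // that raises the balance) and always pass the value bound below.
      if (qty < 0)
         throw new SecurityException("quantity must not be negative");

      // 2. A single transaction must have a value less than or equal to
      //    50 million. Computed in long so that qty * price cannot wrap
      //    around to a small or negative int and slip under the bound.
      long value = qty * SHARE_PRICE;
      if (value > MAX_TRANSACTION_VALUE) {
         _log.warn(operation + " invoked with too high transaction value: " + value);
         throw new SecurityException("transaction value is too large");
      }

      // 3. An account balance cannot reach 100 million or -100 million.
      //    Also computed in long to avoid int overflow of the sum.
      long newBalance = (long)account.getBalance() + (operation.equals("sell") ? value : -value);
      if (Math.abs(newBalance) >= MAX_ABS_BALANCE) {
         _log.warn(operation + " would exceed bounds on account balance: " + newBalance);
         throw new SecurityException("balance exceeded");
      }
   }
}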

Usuários e papéis

Bibliografia