Java Security Architecture Problem - What do I do?

Robert Paris
Ranch Hand

Joined: Jul 28, 2002
Posts: 585
Java Security (My Take)
Originally, Java security was such that they (Sun's Java team) expected
different implementations of SecurityManager (this is why it is not a final
class). However, they seem to have overestimated people's love for security.
As a result, they created the AccessController, their own implementation and
a final class. Now most of what the SecurityManager does is simply call the
AccessController.
The Problem
The problem and shift in security here is that there is no longer ONE
manager of security, or rather no FINAL voice on security access. People can
and do call AccessController directly (which does not check with the
security manager)! Imagine that someone calls the security manager (and it's
our implementation called OurSecurityManager) and is rejected (because of
its particular implementation RULES). So what do they do? They go to Daddy
(AccessController) since Mommy said he couldn't do the action and since
Daddy has different rules, he allows the action. Gulp. (Or you're using
someone else's code and they have no security manager checks, just
AccessController.checkPermission() - diff. rules!)
My problem comes about because (as other people have discovered) the Java 2 Security implementation is currently inadequate for numerous situations. That is why I wish to create my own SecurityManager implementation. However, what do I do if they call the AccessController directly? Is there anything to intercept that? And why is this API so convoluted/dishonest (since it seems to state that SecurityManager controls access rules, but then puts in a final class that can do that WITHOUT consulting the security manager)?
In my opinion, there should be ONE manager of the whole application that
handles permissions/rights, etc. Can anyone help me here? What should I do
to correctly implement a real security manager that truly manages all access
and will work in any JVM (with Java 2)?
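The split described in the post above can be reproduced in a few lines. This is an added example, not code from the original post: `TwoVoicesDemo`, `RulePolicy` and the `secret.key` permission are hypothetical names, and `OurSecurityManager` is a stand-in for the poster's class. It assumes a JDK where the Security Manager is still available (JDK 17 or earlier runs it as is) and relies on `AccessController` evaluating each `ProtectionDomain` against the installed `java.security.Policy`, so a rule placed in the `Policy` is seen by both entry points while a rule placed only in the manager is not.

```java
import java.security.AccessController;
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.util.PropertyPermission;

// Added illustration; all class names and "secret.key" are hypothetical.
public class TwoVoicesDemo {
    static final Permission SECRET = new PropertyPermission("secret.key", "read");

    // The site-specific rule: nobody may read the "secret.key" property.
    static boolean ourRuleDenies(Permission p) {
        return p instanceof PropertyPermission && "secret.key".equals(p.getName());
    }

    // Rule enforced only in the manager: direct AccessController callers never reach it.
    static class OurSecurityManager extends SecurityManager {
        @Override public void checkPermission(Permission p) {
            if (ourRuleDenies(p)) throw new SecurityException("denied by OurSecurityManager");
        }
    }

    // Rule enforced in the Policy: AccessController consults it via ProtectionDomain.implies().
    static class RulePolicy extends Policy {
        private final boolean enforceRule;
        RulePolicy(boolean enforceRule) { this.enforceRule = enforceRule; }
        @Override public boolean implies(ProtectionDomain domain, Permission p) {
            return !(enforceRule && ourRuleDenies(p)); // permissive apart from our rule
        }
    }

    // Ask one of the two "voices" and report its verdict.
    static String ask(boolean viaManager) {
        try {
            if (viaManager) System.getSecurityManager().checkPermission(SECRET);
            else AccessController.checkPermission(SECRET);
            return "allowed";
        } catch (SecurityException e) { // AccessControlException is a subclass
            return "denied";
        }
    }

    public static void main(String[] args) {
        Policy.setPolicy(new RulePolicy(false));      // permissive policy, rule only in manager
        System.setSecurityManager(new OurSecurityManager());
        System.out.println("rule in manager only, via SecurityManager:  " + ask(true));
        System.out.println("rule in manager only, via AccessController: " + ask(false));
        Policy.setPolicy(new RulePolicy(true));       // same rule moved into the Policy
        System.out.println("rule in Policy, via AccessController:       " + ask(false));
    }
}
```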
 