I have a Java application that requires a user to log in, at which time the user is authenticated using the standard JAAS LoginContext. This initial application needs to start a set of child processes (using Runtime.exec()). These child processes need to inherit the user-based credentials of the initial application, but I don't want the user to have to type their username and password for every child process. Is there a secure way for the child processes to inherit the authentication results from the parent process? I've thought about command line arguments, environment variables, and socket connections back to the parent, but they all expose a vulnerability wherein a malicious process could obtain those credentials. Has anyone else solved this issue?
This is just a wild guess, since I don't have a lot of experience using Runtime.exec(), but Runtime.exec() is used to execute a "system" process on the server from the JVM. This means that any child of the JVM will inherit the identity of the JVM, not the JAAS login context. It is my understanding that the JAAS login context is related to the client, while the JVM identity is related to the server. This means that the two are separate and distinct entities, and you really can't define the JVM's identity to match the client's identity "directly". (You might be able to fake this by performing some sort of "set UID" functionality in the JVM, but I was unders the impression that there are security mechanisms to prevent this - since you are supposed to be operating in a sandbox that's isolated from the server's "system" environment.
A good question would be: what are you actually trying to accomplish? (Rather than asking everyone to debug your proposed solution, that way we might be able to provide an alternative that you haven't thought of...)
--<br />Robin D. Wilson
Joined: Sep 27, 2006
I am writing a set of applications (individual Java processes running in their own VM's) that all require authorization based on user identity (a login and password that will be distinct from the operating system login and password) before performing certain functions. There is one application that starts first, within which I am creating a LoginContext, presenting a "username/password" dialog, and then authenticating against the username/password provided by the user (using my own LoginModule as configured in the LoginContext config). This establishes the user's Subject and Principals within JAAS. Later, this application needs to start the other applications (using the Runtime.exec() method). These other applications need to authorize different actions performed by the user (using the AccessController and Permission objects in JAAS). I'd like the JAAS credentials (Subject and Permissions) that were established in the original application to be available to the other applications without forcing the user to type their username and password into each application.
This resembles a Single SignOn architecture, but there is no web server or other central place to hold onto the credentials.
I think you were assuming that I was talking about the UID that owns the Java process within the OS, but that's almost irrelevant in this case. I need the distinct identity/credentials established by JAAS and my own LoginModule to be propagated to the child processes, not just the OS process owner.
Does that help? -Eric
Joined: Sep 27, 2006
bump... has anyone implemented a solution for this kind of issue?