Security Implementation Mechanisms - The Java EE 5 Tutorial (original) (raw)

Document Information

Preface

Part I Introduction

1. Overview

2. Using the Tutorial Examples

Part II The Web Tier

3. Getting Started with Web Applications

4. Java Servlet Technology

5. JavaServer Pages Technology

6. JavaServer Pages Documents

7. JavaServer Pages Standard Tag Library

8. Custom Tags in JSP Pages

9. Scripting in JSP Pages

10. JavaServer Faces Technology

11. Using JavaServer Faces Technology in JSP Pages

12. Developing with JavaServer Faces Technology

13. Creating Custom UI Components

14. Configuring JavaServer Faces Applications

15. Internationalizing and Localizing Web Applications

Part III Web Services

16. Building Web Services with JAX-WS

17. Binding between XML Schema and Java Classes

18. Streaming API for XML

19. SOAP with Attachments API for Java

Part IV Enterprise Beans

20. Enterprise Beans

21. Getting Started with Enterprise Beans

22. Session Bean Examples

23. A Message-Driven Bean Example

Part V Persistence

24. Introduction to the Java Persistence API

25. Persistence in the Web Tier

26. Persistence in the EJB Tier

27. The Java Persistence Query Language

Part VI Services

28. Introduction to Security in the Java EE Platform

Overview of Java EE Security

A Simple Security Example

Step 1: Initial Request

Step 2: Initial Authentication

Step 3: URL Authorization

Step 4: Fulfilling the Original Request

Step 5: Invoking Enterprise Bean Business Methods

Security Functions

Characteristics of Application Security

Securing Containers

Using Deployment Descriptors for Declarative Security

Using Annotations

Using Programmatic Security

Securing the Application Server

Working with Realms, Users, Groups, and Roles

What Are Realms, Users, Groups, and Roles?

What Is a Realm?

What Is a User?

What Is a Group?

What Is a Role?

Some Other Terminology

Managing Users and Groups on the Application Server

Adding Users to the Application Server

Adding Users to the Certificate Realm

Setting Up Security Roles

Mapping Roles to Users and Groups

Establishing a Secure Connection Using SSL

Installing and Configuring SSL Support

Specifying a Secure Connection in Your Application Deployment Descriptor

Verifying SSL Support

Tips on Running SSL

Working with Digital Certificates

Creating a Server Certificate

Signing Digital Certificates

Using a Different Server Certificate with the Application Server

Miscellaneous Commands for Certificates

Enabling Mutual Authentication over SSL

Creating a Client Certificate for Mutual Authentication

Further Information about Security

29. Securing Java EE Applications

30. Securing Web Applications

31. The Java Message Service API

32. Java EE Examples Using the JMS API

33. Transactions

34. Resource Connections

35. Connector Architecture

Part VII Case Studies

36. The Coffee Break Application

37. The Duke's Bank Application

Part VIII Appendixes

A. Java Encoding Schemes

B. About the Authors

Index

Security Implementation Mechanisms

The characteristics of an application should be considered when deciding the layer and type of security to be provided for applications. The following sections discuss the characteristics of the common mechanisms that can be used to secure Java EE applications. Each of these mechanisms can be used individually or with others to provide protection layers based on the specific needs of your implementation.

Java SE Security Implementation Mechanisms

Java SE provides support for a variety of security features and mechanisms, including:

• Java Authentication and Authorization Service (JAAS): JAAS is a set of APIs that enable services to authenticate and enforce access controls upon users. JAAS provides a pluggable and extensible framework for programmatic user authentication and authorization. JAAS is a core Java SE API and is an underlying technology for Java EE security mechanisms.
• Java Generic Security Services (Java GSS-API): Java GSS-API is a token-based API used to securely exchange messages between communicating applications. The GSS-API offers application programmers uniform access to security services atop a variety of underlying security mechanisms, including Kerberos.
• Java Cryptography Extension (JCE): JCE provides a framework and implementations for encryption, key generation and key agreement, and Message Authentication Code (MAC) algorithms. Support for encryption includes symmetric, asymmetric, block, and stream ciphers. Block ciphers operate on groups of bytes while stream ciphers operate on one byte at a time. The software also supports secure streams and sealed objects.
• Java Secure Sockets Extension (JSSE): JSSE provides a framework and an implementation for a Java version of the SSL and TLS protocols and includes functionality for data encryption, server authentication, message integrity, and optional client authentication to enable secure Internet communications.
• Simple Authentication and Security Layer (SASL): SASL is an Internet standard (RFC 2222) that specifies a protocol for authentication and optional establishment of a security layer between client and server applications. SASL defines how authentication data is to be exchanged but does not itself specify the contents of that data. It is a framework into which specific authentication mechanisms that specify the contents and semantics of the authentication data can fit.

Java SE also provides a set of tools for managing keystores, certificates, and policy files; generating and verifying JAR signatures; and obtaining, listing, and managing Kerberos tickets.

For more information on Java SE security, visit its web page athttp://download.oracle.com/javase/6/docs/technotes/guides/security/.

Java EE Security Implementation Mechanisms

Java EE security services are provided by the component container and can be implemented using declarative or programmatic techniques (container security is discussed more in Securing Containers). Java EE security services provide a robust and easily configured security mechanism for authenticating users and authorizing access to application functions and associated data at many different layers. Java EE security services are separate from the security mechanisms of the operating system.

Application-Layer Security

In Java EE, component containers are responsible for providing application-layer security. Application-layer security provides security services for a specific application type tailored to the needs of the application. At the application layer, application firewalls can be employed to enhance application protection by protecting the communication stream and all associated application resources from attacks.

Java EE security is easy to implement and configure, and can offer fine-grained access control to application functions and data. However, as is inherent to security applied at the application layer, security properties are not transferable to applications running in other environments and only protect data while it is residing in the application environment. In the context of a traditional application, this is not necessarily a problem, but when applied to a web services application, where data often travels across several intermediaries, you would need to use the Java EE security mechanisms along with transport-layer security and message-layer security for a complete security solution.

The advantages of using application-layer security include the following:

• Security is uniquely suited to the needs of the application.
• Security is fine-grained, with application-specific settings.

The disadvantages of using application-layer security include the following:

• The application is dependent on security attributes that are not transferable between application types.
• Support for multiple protocols makes this type of security vulnerable.
• Data is close to or contained within the point of vulnerability.

For more information on providing security at the application layer, read Securing Containers.

Transport-Layer Security

Transport-layer security is provided by the transport mechanisms used to transmit information over the wire between clients and providers, thus transport-layer security relies on secure HTTP transport (HTTPS) using Secure Sockets Layer (SSL). Transport security is a point-to-point security mechanism that can be used for authentication, message integrity, and confidentiality. When running over an SSL-protected session, the server and client can authenticate one another and negotiate an encryption algorithm and cryptographic keys before the application protocol transmits or receives its first byte of data. Security is “live” from the time it leaves the consumer until it arrives at the provider, or vice versa, even across intermediaries. The problem is that it is not protected once it gets to its destination. One solution is to encrypt the message before sending.

Transport-layer security is performed in a series of phases, which are listed here:

• The client and server agree on an appropriate algorithm.
• A key is exchanged using public-key encryption and certificate-based authentication.
• A symmetric cipher is used during the information exchange.

Digital certificates are necessary when running secure HTTP transport (HTTPS) using Secure Sockets Layer (SSL). The HTTPS service of most web servers will not run unless a digital certificate has been installed. Digital certificates have already been created for the Application Server. If you are using a different server, use the procedure outlined in Working with Digital Certificates to set up a digital certificate that can be used by your web or application server to enable SSL.

The advantages of using transport-layer security include the following:

• Relatively simple, well understood, standard technology.
• Applies to message body and attachments.

The disadvantages of using transport-layer security include the following:

• Tightly-coupled with transport-layer protocol.
• All or nothing approach to security. This implies that the security mechanism is unaware of message contents, and as such, you cannot selectively apply security to portions of the message as you can with message-layer security.
• Protection is transient. The message is only protected while in transit. Protection is removed automatically by the endpoint when it receives the message.
• Not an end-to-end solution, simply point-to-point.

For more information on transport-layer security, read Establishing a Secure Connection Using SSL.

Message-Layer Security

In message-layer security, security information is contained within the SOAP message and/or SOAP message attachment, which allows security information to travel along with the message or attachment. For example, a portion of the message may be signed by a sender and encrypted for a particular receiver. When the message is sent from the initial sender, it may pass through intermediate nodes before reaching its intended receiver. In this scenario, the encrypted portions continue to be opaque to any intermediate nodes and can only be decrypted by the intended receiver. For this reason, message-layer security is also sometimes referred to as end-to-end security.

The advantages of message-layer security include the following:

• Security stays with the message over all hops and after the message arrives at its destination.
• Security can be selectively applied to different portions of a message (and to attachments if using XWSS).
• Message security can be used with intermediaries over multiple hops.
• Message security is independent of the application environment or transport protocol.

The disadvantage of using message-layer security is that it is relatively complex and adds some overhead to processing.

The Application Server supports message security. It uses Web Services Security (WSS) to secure messages. Because this message security is specific to the Application Server and not a part of the Java EE platform, this tutorial does not discuss using WSS to secure messages.

Copyright © 2010, Oracle and/or its affiliates. All rights reserved. Legal Notices