Limiting Access to System Properties

Contents
I. Authentication and Authorization
II. Problem Description
III. Solution
IV. JAAS Login Modules

I. Authentication and Authorization
JAAS can be used for two purposes:
- Authentication is concerned with ascertaining the identity of a program user.
- Authorization maps users to permissions.
Login modules in the com.sun.security.auth.module package:
- UnixLoginModule
- NTLoginModule
- Krb5LoginModule
- JndiLoginModule
- KeyStoreLoginModule

1. Authentication
JAAS authentication is performed in a pluggable fashion. This permits Java applications to remain independent from underlying authentication technologies. New or updated technologies can be plugged in without requiring modifications to the application itself. An implementation for a particular authentication technology to be used is determined at runtime. The implementation is specified in a login configuration file.

1.1 The Authentication Code
1.2 The Login Configuration
1.3 Running the Code
1.4 Running the Code with a Security Manager

1.1 The Authentication Code
The code for authenticating the user is very simple, consisting of just two steps:
1. Instantiate a LoginContext.
2. Call the LoginContext's login method.

Instantiating a LoginContext
General form:
    import javax.security.auth.login.*;
    . . .
    LoginContext lc = new LoginContext(
        <config file entry name>,
        <CallbackHandler to be used for user interaction>);
In this example:
    import javax.security.auth.login.*;
    import com.sun.security.auth.callback.TextCallbackHandler;
    . . .
    LoginContext lc = new LoginContext(
        "JaasSample",
        new TextCallbackHandler());

The arguments are the following:
1. The name of an entry in the JAAS login configuration file
This is the name the LoginContext uses to look up an entry for this application in the JAAS login configuration file, described in section 1.2. Such an entry specifies the class(es) that implement the desired underlying authentication technology(ies). The class(es) must implement the LoginModule interface, which is in the javax.security.auth.spi package.

2. A CallbackHandler instance
When a LoginModule needs to communicate with the user, for example to ask for a user name and password, it does not do so directly. The LoginModule invokes a CallbackHandler to perform the user interaction and obtain the requested information, such as the user name and password. (CallbackHandler is an interface in the javax.security.auth.callback package.)
Examples: TextCallbackHandler, DialogCallbackHandler

Calling the LoginContext's login Method
Once we have a LoginContext lc, we can call its login method to carry out the authentication process:
    lc.login();
The LoginContext instantiates a new empty javax.security.auth.Subject object (which represents the user or service being authenticated). The calling application can subsequently retrieve the authenticated Subject by calling the LoginContext's getSubject method.

1.2 The Login Configuration
The login configuration file jaas.conf:
    JaasSample {
        com.sun.security.auth.module.NTLoginModule required;
    };
This entry is named "JaasSample". It specifies that the LoginModule used to authenticate the user is the NTLoginModule in the com.sun.security.auth.module package, and that this module is required to "succeed" for authentication to be considered successful.

1.3 Running the Code
1. Place the JaasAcn.java application source file and the jaas.conf login configuration file into a directory.
2. Compile JaasAcn.java:
    javac JaasAcn.java
3. Execute the JaasAcn application:
    java -Djava.security.auth.login.config=jaas.conf JaasAcn

1.4 Running the Code with a Security Manager
When a Java program is run with a security manager installed:
- The program is not allowed to access resources or otherwise perform security-sensitive operations unless it is explicitly granted permission to do so by the security policy in effect.
- In Java platforms that are compatible with J2SE v 1.2 and later, the permission must be granted by an entry in a policy file.

1. Place the JaasAcn.java application source file and the jaas.conf login configuration file into a directory.
2. Compile JaasAcn.java:
    javac JaasAcn.java
3. Create a JAR file containing JaasAcn.class:
    jar -cvf JaasAcn.jar JaasAcn.class
This command creates a JAR file, JaasAcn.jar, and places the JaasAcn.class file inside it.

4. Create a policy file jaasacn.policy granting the code in the JAR file the required permission. JaasAcn creates its LoginContext with:
    LoginContext lc = new LoginContext("JaasSample", new TextCallbackHandler());
Thus, the permission that needs to be granted to JaasAcn.jar is:
    permission javax.security.auth.AuthPermission "createLoginContext.JaasSample";

5. Execute the JaasAcn application:
    java -classpath JaasAcn.jar -Djava.security.manager -Djava.security.policy=jaasacn.policy -Djava.security.auth.login.config=jaas.conf JaasAcn

    java -classpath JaasAcn.jar -Djava.security.auth.login.config=jaas.conf JaasAcn

2. Authorization
JAAS authorization extends the existing Java security architecture that uses a security policy to specify what access rights are granted to executing code. When an application uses JAAS authentication to authenticate the user (or other entity such as a service), a Subject is created as a result. The purpose of the Subject is to represent the authenticated user. A Subject is comprised of a set of Principals, where each Principal represents an identity for that user. Permissions can be granted in the policy to specific Principals.

The basic format of a grant statement is:
    grant <signer(s) field>, <codeBase URL>, <Principal field(s)> {
        permission perm_class_name "target_name", "action";
        ....
        permission perm_class_name "target_name", "action";
    };
A Principal field looks like the following:
    Principal Principal_class "principal_name"

To create and associate a Subject with an access control context:
- The user must first be authenticated.
- The static doAs method from the Subject class must be called, passing it an authenticated Subject and a java.security.PrivilegedAction or java.security.PrivilegedExceptionAction.
The doAs method associates the provided Subject with the current access control context and then invokes the run method from the action.

The static doAsPrivileged method from the Subject class may be called instead of the doAs method. In addition to the parameters passed to doAs, doAsPrivileged requires a third parameter: an AccessControlContext. Unlike doAs, which associates the provided Subject with the current access control context, doAsPrivileged associates the Subject with the provided access control context.

Running the application
    javac JaasAcn.java SampleAction.java
    jar -cvf JaasAcn.jar JaasAcn.class
    jar -cvf SampleAction.jar SampleAction.class
    java -classpath JaasAcn.jar;SampleAction.jar -Djava.security.auth.login.config=jaas.conf JaasAcn

II. Problem Description
Develop a program that allows (authorizes) a certain user on the machine to access system properties with the prefix “user.” only.

III. Solution
1. Authentication Configuration File
2. Authorization Policy File
3. Developing the Login-Do-Logout Class
4. Developing the Privileged Action Class
5. Running the Application

1. Authentication Configuration File

2. Authorization Policy File

3. Developing the Login-Do-Logout Class

4. Developing the Privileged Action Class

5. Running the Application
    javac *.java
    jar cvf login.jar Main.class
    jar cvf action.jar SystemPropertyAction.class
    java -classpath login.jar;action.jar -Djava.security.policy=Authorization.policy -Djava.security.auth.login.config=jaas.config Main
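An added example, not code from the original presentation: a minimal login-do-logout class and privileged action for the problem stated in section II. The class names follow the run command above; the entry name Login1, the principal "alice" and the policy shown in the header comment are assumptions. It assumes a JDK on which the Security Manager is still usable (it is deprecated for removal since Java 17).

```java
// Added example. Assumed Authorization.policy ("Login1" and "alice" are placeholders):
//   grant codeBase "file:login.jar" {
//     permission javax.security.auth.AuthPermission "createLoginContext.Login1";
//     permission javax.security.auth.AuthPermission "doAsPrivileged";
//   };
//   grant principal com.sun.security.auth.NTUserPrincipal "alice" {
//     permission java.util.PropertyPermission "user.*", "read";
//   };
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import com.sun.security.auth.callback.TextCallbackHandler;
// Privileged action: reads one system property as the authenticated Subject.
class SystemPropertyAction implements PrivilegedAction<String> {
    private final String name;
    SystemPropertyAction(String name) { this.name = name; }
    @Override public String run() { return System.getProperty(name); }
}

public class Main {
    public static void main(String[] args) {
        // The run command passes no -Djava.security.manager, so install the
        // manager here; without one the policy file is never consulted.
        System.setSecurityManager(new SecurityManager());
        LoginContext lc;
        try {
            lc = new LoginContext("Login1", new TextCallbackHandler()); // entry name assumed
            lc.login();
        } catch (LoginException e) {
            System.err.println("Authentication failed: " + e.getMessage());
            return;
        }
        Subject subject = lc.getSubject();
        try {
            for (String prop : new String[] {"user.home", "java.home"}) {
                try {
                    // null context: only the action's code and the Subject's principals are checked.
                    String v = Subject.doAsPrivileged(subject, new SystemPropertyAction(prop), null);
                    System.out.println(prop + " = " + v);
                } catch (SecurityException e) {
                    System.out.println(prop + " denied: " + e.getMessage());
                }
            }
        } finally {
            try { lc.logout(); } catch (LoginException ignored) { }
        }
    }
}
```

With the assumed policy, user.home is printed for the granted principal and java.home is reported as denied, because only "user.*" is readable.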

IV. JAAS Login Modules
Implementing your own login module
Supplying your own login module is useful if you store login information in a database.
Implementing role-based authentication
Role-based authentication is essential if you manage a large number of users. It would be impractical to put the names of all legitimate users into a policy file. Instead, the login module should map users to roles such as "admin" or "HR," and the permissions should be based on these roles.

Preparing Login Information
Structure of the file:
    <username>|<password>|<role>

The Authentication File options

The Authorization Policy File

Running the Application
    javac *.java
    jar cvf login.jar JAAS*.class Simple*.class
    jar cvf action.jar SystemPropertyAction.class
    java -classpath login.jar;action.jar -Djava.security.policy=Authorization.policy -Djava.security.auth.login.config=jaas.config JAASTest
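The role-mapping login module described in section IV, as an added example that is not the presentation's own code: it checks the supplied credentials against the <username>|<password>|<role> file and puts the role, not the user name, into the Subject. The class name FileRoleLoginModule, the pwfile option and the use of com.sun.security.auth.UserPrincipal to carry the role are assumptions, and the file is assumed to hold the password as plain text.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.MessageDigest;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import com.sun.security.auth.UserPrincipal;

// Added example; the class name and the "pwfile" option are hypothetical.
public class FileRoleLoginModule implements LoginModule {
    private Subject subject; private CallbackHandler handler; private Map<String, ?> options;
    private UserPrincipal role; private boolean committed;

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h; options = opts; }
    public boolean login() throws LoginException {
        String file = (String) options.get("pwfile");
        if (handler == null || file == null) throw new LoginException("handler and pwfile required");
        NameCallback nc = new NameCallback("username: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] {nc, pc});
            char[] pw = pc.getPassword();
            if (pw == null) throw new FailedLoginException("no password supplied");
            byte[] given = new String(pw).getBytes(StandardCharsets.UTF_8);
            for (String line : Files.readAllLines(Paths.get(file))) {
                String[] f = line.split("\\|", -1);   // <username>|<password>|<role>
                if (f.length == 3 && f[0].equals(nc.getName())   // time-constant password compare
                        && MessageDigest.isEqual(given, f[1].getBytes(StandardCharsets.UTF_8))) {
                    role = new UserPrincipal(f[2]); return true;
                }
            }
        } catch (IOException | UnsupportedCallbackException e) {
            throw new LoginException(e.toString());
        } finally { pc.clearPassword(); }
        throw new FailedLoginException("unknown user or wrong password");
    }
    public boolean commit() {
        if (role == null) return false;               // this module's login() did not succeed
        subject.getPrincipals().add(role);            // the Subject carries the role only
        return committed = true;
    }
    public boolean abort() { boolean mine = role != null; logout(); return mine; }
    public boolean logout() {
        if (committed) subject.getPrincipals().remove(role);
        role = null; committed = false;
        return true;
    }
}
```

A policy grant can then name the role, for example principal com.sun.security.auth.UserPrincipal "admin", so the policy file does not need one entry per user.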