1. Module 7 Security and Transactions

2. Security and Transactions Topics to be Covered: Security and the Enterprise Transactions

3. Security and Transactions Security and the Enterprise

4. Security Issues Hermetically sealed vs. networked environment Executable content on the Web Security on the browser Security in the enterprise Security on the network –author authentication –data authentication

5. Security Requirements Authenticity –identification mechanism Integrity –unaltered messages Non-repudiation –certainty in authorization Confidentiality –secure communications

6. Java Virtual Machine Security Indirect execution Language features Protection domains class Bytecode Verifier Class Loader Security Manager/ Access Controller O.S.

7. JVM Access Control Evolution Java sandbox Applet security –SecurityManager enforces Digital signatures Policy –Permissions –CodeSource –AccessController enforces Class from xyz.com signed by JJInc. Permissions

8. Enterprise JavaBean Security Authentication –Validates the identity of the user –Login screen –Basic, Digest, Form-Based Authorization –Access Control Confidentiality and Integrity Protection –Secure Communication SSL (key exchange) Encryption

9. Authentication through JNDI Every client application must be associated with a security identity –users –roles properties.put(Context.SECURITY_PRINCIPAL, user ); properties.put(Context.SECURITY_CREDENTIALS, password ); javax.naming.Context jndiContext = new javax.naming.InitialContext(properties); Object ref = jndiContext.lookup("java:comp/env/ejb/RoomEJB"); RoomHomeRemote home = (RoomHomeRemote) javax.rmi.PortableRemoteObject.narrow(ref, RoomHomeRemote.class);

10. Role-Driven Access Control Deployment descriptors describe authorization information based on logical roles Logical roles mapped to real security roles during actual deployment This role represents a merchant authorized to make payments on the system AUTHORIZED_MERCHANT

11. Method Permissions Bean method access are associated with logical roles AUTHORIZED_MERCHANT ProcessPaymentBean byCredit

12. Unchecked methods Security Permissions not checked Used instead of ProcessPaymentBean byCash

13. Method Permissions with Annotations @Stateless @RolesAllowed(“AUTHORIZED_MERCHANT”) public class ProcessPaymentBean implements ProcessPaymentRemote, ProcessPaymentLocal { ……… public boolean byCredit(Customer cust, CreditCardDO card, double amount) throws PaymentException {………} private boolean process( ……… ) {………}

14. Method Permissions with Annotations ……… @PermitAll public boolean byCash(Customer cust, double amount) throws PaymentException {………} @RolesAllowed(“CHECK_FRAUD_ENABLED”) public boolean byCheck(Customer cust, CheckDO check, double amount) {………} }

15. The runAs security identity Specifies under which identity the EJB will run when it calls other methods... TravelAgentBean... AUTHORIZED_MERCHANT

16. The runAs security identity @Stateful @RunAs(“AUTHORIZED_MERCHANT”) public class TravelAgentBean implements TravelAgentRemote { ……… }

17. Running as the Caller Specifies the EJB will run under the caller’s identity... EmployeeService...

18. Security Identity and MDBs Message-driven beans have only a runAs identity –For MDBs, there is no “caller” Clients that send messages to MDBs are not associated with the messages Called identity does not propagate Message-driven beans must always specify a runAs security identity if they interact with other secured session beans

19. Security and Transactions Transactions

20. Software Transactions Embody the concept of a commercial exchange Execution of a unit of work –Must perform reliably 100% of the time Atomic –Execute completely or not at all Consistent –Integrity of underlying data store Isolated –Data cannot be interfered with externally Durable –Retain information if system crashes

21. Declarative Transaction Management Transactions not hard-coded into business logic Reduces complexity of transactions for developers Controlled using @TransactionAttribute annotation or the deployment descriptor Transactions can be set for specific methods

22. Transaction Scope Session EJBs and Entities participating in a transaction TravelAgentEJB –bookReservation() method Creates Reservation Entity Uses ProcessPayment EJB EJB Unit of Work –Every EJB method invoked in a transaction Transaction propagated to every EJB & the entity manager within the transaction scope Dependent on EJB transaction attributes

23. Transaction Attributes Not Supported –Transaction scope (TS) is not propagated Supports –TS propagated if invoked by a transactional client –No TS if invoked by a nontransactional client Required –TS propagated if invoked by a transactional client –New TS started if invoked by a nontransactional client

24. Transaction Attributes RequiresNew –New TS always started Mandatory –TS propagated if invoked by a transactional client –Invocation fails if invoked by a nontransactional client Never –No TS allowed –Invocation fails if invoked by a transactional client –Invocation OK if invoked by a nontransactional client

25. element … TravelAgentEJB * NotSupported TravelAgentEJB bookPassage Required …

26. @TransactionAttribute Annotation @Stateful @TransactionAttribute(NOT_SUPPORTED) public class TravelAgentBean implements TravelAgentRemote { public void setCustomer(Customer cust) {……} @TransactionAttribute(REQUIRED) public TicketDO bookReservation(CreditCardDO, double price) {……} ……… }

27. Transaction Propagation Client Application ProcessPayment EJB Required TravelAgent EJB RequiresNew Reservation EJB Required bookReservation()

28. Transaction Isolation The “I” in ACID –Data within a transactions unaffected by other parts of the system Dirty Read –Reading uncommitted changes Repeatable Reads –Identical data reads during same transaction despite changes in existing records from a different transaction Phantom Reads –Different data reads during same transaction because of new records added by a different transaction

29. Transaction Isolation Levels TRANSACTION_NONE –Transactions disable or unsupported TRANSACTION_READ_UNCOMMITTED –Dirty, nonrepeatable, phantom reads occur TRANSACTION_READ_COMMITTED –Nonrepeatable, phantom reads occur TRANSACTION_REPEATABLE_READ –Phantom reads occur TRANSACTION_SERIALIZABLE –Dirty, nonrepeatable, phantom reads prevented

30. Explicit Transaction Management Not generally recommended Java Transaction API (JTA) –Provides transactional interface javax.transaction.UserTransaction // Get the user transaction javax.transaction.UserTransaction tran = …; tran.begin(); travelagent1.bookReservation(); travelagent2.bookReservation(); tran.commit();

31. Obtaining a UserTransaction Object Java EE Client Context ic = new InitialContext(); UserTransaction ut = (UserTransaction) ic.lookup("java:comp/env/UserTransaction");

32. Obtaining a UserTransaction Object Session Beans –Declaring Bean … OR @Stateless @TransactionManagement(TransactionManagerType. BEAN) public class XBean implements XBeanLocal { … }

33. Obtaining a UserTransaction Object Session Beans –Retrieving @Resource SessionContext sessionContext; UserTransaction ut = sessionContext.getUserTransaction(); ut.begin(); OR @Resource UserTransaction ut; @TransactionManagement(TransactionManagerType.BEAN) public class XBean implements XBeanLocal { … }

34. Stateful Session Synchronization Does Not Exist Method-ReadyPassive Transactional Method-Ready

35. SessionSynchronization public interface javax.ejb.SessionSynchronization { public abstract void afterBegin(); public abstract void beforeCompletion(); public abstract void afterCompletion (boolean committed); }

36. Transactional Method-Ready State Method-Ready Transactional Method-Ready afterBegin() Transactional Business Methods beforeCompletion() afterCompletion(true) OR afterCompletion(false)

37. Security and Transactions Topics to be Covered: Security and the Enterprise Transactions