What are these Security Objectives:
* Denial of Service
* Confidential Information
* Injection and Inclusion
What are these Security Objectives:
* Accessibility and Extensibility
* Input Validation
* Mutability
What are these Security Objectives:
* Object Construction
* Serialization and Deserialzation
* Access Control
How permissions are check in Java?
How to restrict privileges through invoking java.security.AccessController.doPrivileged()?
Access Permission Control Example
Permission perm = new java.io.FilePermission(f.getPath(), "read"); PermissionCollection perms = perm.newPermissionCollection(); perms.add(perm);
AccessController.doPrivileged(new PrivilegedAction<Void>() {
public Void run() {
l.add(fun.apply(f));
return null;
}},
new AccessControlContext(
new ProtectionDomain[] {
new ProtectionDomain(null, perms)
}
)
);
**By applying a new AccessControlContext with just the read permission, it ensures that even if the caller has full permissions, it is restricted to performing only the read operation.**</Void>
Permission perm = new java.io.FilePermission(f.getPath(), “read”);
AccessController.checkPermission(perm);
AccessController.doPrivileged(new PrivilegedAction<Void>() {
public Void run() {
l.add(fun.apply(f));
return null;
}}
);
**This only checks whether the caller has read permission or not. It doesn't restrict the caller to doing only the read operation. If the caller already has write or delete permission, the caller will be able to overwrite and delete the files.**</Void>
What are the tow most important overloaded doPrivileged methods in java.security.AccessController?
- doPrivileged(PrivilegedAction<T> action) : In this method, an explicit AccessControlContext is not passed. So, the JVM checks for permissions associated with the method in which doPrivileged is being invoked. For example, the code for getProp() method of SecureClass1.java given in the problem statement uses this approach. Since the policy file contains read permission for a.jar, the code will be able to read java.home property irrespective of the permissions associated with the caller (i.e. SecureClass2's doWork) of this method.
In other words, for the purposes of security checks, the call stack is effectively truncated below the caller of doPrivileged. The immediate caller is included in security checks.</T> - doPrivileged(PrivilegedAction<T> action, AccessControlContext context) : In this method, an explicit AccessControlContext is passed. So, the JVM checks the permissions associated with the given context as well as the the permissions associated with the method in which doPrivileged is being invoked. An operation is allowed to proceed only if it is allowed for both. **In other words, the action is performed with the intersection of the permissions possessed by the caller's protection domain, and those possessed by the domains represented by the specified AccessControlContext.**</T>
-
Ch1 Welcome to Java8
-
Ch2 Java Building Blocks2
-
Ch3 Operators17
-
Ch4 Making Decision6
-
Ch5 Core Java APIs37
-
Ch6 Lambdas and Functional Interfaces2
-
Ch7 Methods and Encapsulation15
-
Ch8 Class Design22
-
Ch9 Advanced Class Design16
-
Ch10 Modules10
-
Ch11 Exceptions27
-
Ch12 Java Fundmentals49
-
Ch13 Annotations48
-
Ch14 Generics and Collections93
-
Ch15 Functional Programming86
-
Ch16 Exceptions, Assertions, and Localization56
-
Ch17 Modular Applications9
-
Ch18 Concurrency69
-
Ch19 I/O18
-
Ch20 NIO.238
-
Ch21 JDBC17
-
Ch22 Security6
