<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>The JBoss Security Model</title><link rel="stylesheet" href="styles.css" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/styles.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets Vimages/callouts/"><link rel="home" href="index.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/index.html" title="JBoss 3.0 Documentation"><link rel="up" href="ch09.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch09.html" title="Chapter 9. JBossSX Security Extension Framework"><link rel="previous" href="ch09s02.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch09s02.html" title="EJB Security Overview"><link rel="next" href="ch09s09.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch09s09.html" title="The JBossSX Default Security Manager: JaasSecurityManager"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><table border="0" cellpadding="0" cellspacing="0" height="65"><tr height="65"><td rowspan="2"><img src="jboss.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/jboss.gif" border="0"></td><td rowspan="2" background="gbar.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/gbar.gif" width="100%" align="right" valign="top"><a href="index.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/index.html"><img src="doc.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/doc.gif" border="0"></a><a href="ch09.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch09.html"><img src="toc.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/toc.gif" border="0"></a><a href="ch09s02.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch09s02.html"><img src="prev.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/prev.gif" border="0"></a><a href="ch09s09.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch09s09.html"><img src="next.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/next.gif" 
border="0"></a></td></tr><tr></tr></table><div class="section"><a name="sx.jboss.security-model"></a><div class="titlepage"><div><h2 class="title" style="clear: both"><a name="sx.jboss.security-model"></a>The JBoss Security Model</h2></div></div><p>The security model in JBoss is based on the server container architecture's pluggable method interceptors. JBossSX integrates into the JBoss server through the server container interceptor chain. Container security is handled by the org.jboss.ejb.plugins.SecurityInterceptor class. The SecurityInterceptor class relies on implementations of three security interfaces:</p><pre class="programlisting">package org.jboss.security;

public interface EJBSecurityManager
{
    public boolean isValid(java.security.Principal principal, Object credential);
}</pre><pre class="programlisting">package org.jboss.security;

import java.util.Set;

public interface RealmMapping
{
    public java.security.Principal getPrincipal(java.security.Principal principal);
    public boolean doesUserHaveRole(java.security.Principal principal, Set roleNames);
}</pre><pre class="programlisting">package org.jboss.security;

import java.lang.reflect.Method;
import javax.ejb.EJBContext;

public interface SecurityProxy
{
    public void init(Class beanHome, Class beanRemote, Object securityMgr) throws InstantiationException;
    public void setEJBContext(EJBContext ctx);
    public void invokeHome(Method m, Object[] args) throws SecurityException;
    public void invoke(Method m, Object[] args, Object bean) throws SecurityException;
}</pre><div class="variablelist"><p><b>Security Interfaces</b></p><dl><dt><a name="d0e6214"></a><span class="term">org.jboss.security.EJBSecurityManager</span></dt><dd><p><a name="d0e6217"></a>An interface responsible for validating credentials associated with principals. Principals are identities and include things like usernames, employee numbers, social security numbers, etc. Credentials are proof of the identity and include things like passwords, session keys, digital signatures, etc.</p></dd><dt><a name="d0e6220"></a><span class="term">org.jboss.security.RealmMapping</span></dt><dd><p><a name="d0e6223"></a>An interface responsible for Principal mapping and role mapping. The getPrincipal method takes a user identity as known in the operational environment and returns the application domain identity. The doesUserHaveRole method validates that the user identity in the operational environment has been assigned the indicated role from the application domain.</p></dd><dt><a name="d0e6226"></a><span class="term">org.jboss.security.SecurityProxy</span></dt><dd><p><a name="d0e6229"></a>An interface describing the requirements for a SecurityInterceptor proxy. A SecurityProxy allows for the externalization of custom security checks on a per-method basis for both the EJB home and remote interface methods.</p></dd></dl></div><p>These interfaces can be used to integrate any security infrastructure. An overview of the components of the SecurityInterceptor is given in <a href="ch09s08.html#sx.SecurityInterceptor.model" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch09s08.html#sx.SecurityInterceptor.model" title="Figure 9.2. The SecurityInterceptor Model">Figure 9.2</a>. An alternate view of the SecurityInterceptor elements in the form of a class diagram is given in <a href="ch09s08.html#sx.SecurityInterceptor.classes" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch09s08.html#sx.SecurityInterceptor.classes" title="Figure 9.3. 
The SecurityInterceptor Model">Figure 9.3</a>.</p><div class="figure"><p><a name="sx.SecurityInterceptor.model"></a><b>Figure 9.2. The SecurityInterceptor Model</b></p><div class="mediaobject"><img src="sx.SecurityInterceptor.model.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/sx.SecurityInterceptor.model.gif"></div></div><div class="figure"><p><a name="sx.SecurityInterceptor.classes"></a><b>Figure 9.3. The SecurityInterceptor Model</b></p><div class="mediaobject"><img src="sx.SecurityInterceptor.classes.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/sx.SecurityInterceptor.classes.gif"></div></div><p>JBossSX includes a default implementation of the EJBSecurityManager and RealmMapping interfaces in a single implementation class: org.jboss.security.plugins.JaasSecurityManager. It is a JAAS-based implementation that relies on JAAS LoginModules to establish the Principal identity and roles in the authenticated Subject Principals set. When using the JaasSecurityManager, integration with your security environment's authentication and role mapping logic is achieved by writing custom javax.security.auth.spi.LoginModule implementations. The JaasSecurityManager will be discussed in detail in the next section.</p><p>Note that the security interfaces have no reliance on JAAS-specific classes. 
If you don't want to use JAAS for your security implementation or integration you are free to write your own security manager implementation.</p></div><table border="0" cellpadding="0" cellspacing="0" height="65"><tr height="65"><td rowspan="2"><img src="gbar.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/gbar.gif" width="432" height="79"></td><td rowspan="2" background="gbar.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/gbar.gif" width="100%" align="right" valign="top"><a href="index.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/index.html"><img src="doc.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/doc.gif" border="0"></a><a href="ch09.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch09.html"><img src="toc.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/toc.gif" border="0"></a><a href="ch09s02.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch09s02.html"><img src="prev.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/prev.gif" border="0"></a><a href="ch09s09.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch09s09.html"><img src="next.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/next.gif" border="0"></a></td></tr><tr></tr></table></body></html>
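Added example (not from the JBoss manual or the JBossSX code base): a security manager that implements EJBSecurityManager and RealmMapping without any JAAS classes, as the closing paragraph allows. The class name InMemorySecurityManager, the addAccount and lookup helpers, the char[] credential type, and the PBKDF2 parameters are assumptions made for this example; the two interfaces are redeclared locally from the listings above so the file compiles without the JBoss jars on a current JDK.

```java
import java.security.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Redeclared from the listings above so this file compiles stand-alone.
interface EJBSecurityManager { boolean isValid(Principal principal, Object credential); }
interface RealmMapping {
    Principal getPrincipal(Principal principal);
    boolean doesUserHaveRole(Principal principal, Set roleNames);
}
// Hypothetical non-JAAS security manager backed by an in-memory account table.
public class InMemorySecurityManager implements EJBSecurityManager, RealmMapping {
    private static final class Account { byte[] salt = new byte[16], hash; Principal domainId; Set<String> roles; }
    private final Map<String, Account> accounts = new HashMap<>();
    private Account lookup(Principal p) { return p == null ? null : accounts.get(p.getName()); }

    // Derive a 256-bit verifier so no plaintext password is ever stored.
    static byte[] derive(char[] password, byte[] salt) {
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(new PBEKeySpec(password, salt, 100_000, 256)).getEncoded();
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }

    public void addAccount(String login, char[] password, Principal domainId, Set<String> roles) {
        Account a = new Account();
        new SecureRandom().nextBytes(a.salt);            // fresh random salt per account
        a.hash = derive(password, a.salt); a.domainId = domainId; a.roles = new HashSet<>(roles);
        accounts.put(login, a);
    }

    public boolean isValid(Principal principal, Object credential) {
        // Fail closed: null principal, unknown account, or unexpected credential type.
        Account a = lookup(principal);
        if (a == null || !(credential instanceof char[])) return false;
        return MessageDigest.isEqual(a.hash, derive((char[]) credential, a.salt)); // constant-time compare
    }

    public Principal getPrincipal(Principal principal) {
        Account a = lookup(principal);
        return a == null ? principal : a.domainId;       // this example passes unmapped identities through
    }

    public boolean doesUserHaveRole(Principal principal, Set roleNames) {
        Account a = lookup(principal);                   // this example grants if any listed role is held
        return a != null && roleNames != null && !Collections.disjoint(a.roles, roleNames);
    }
}
```

Every lookup path returns false for an unknown or null principal, so a misconfigured caller is denied rather than admitted.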