JAAS Java Authentication and Authorization Services
|
|
- Victor Lucas
- 8 years ago
- Views:
Transcription
1 JAAS Java Authentication and Authorization Services Bruce A Rich Java Security Lead IBM/Tivoli Systems Java is a trademark and Java 2 is a registered trademark of Sun Microsystems Inc.
2 Trademarks Java, Java 2 are trademarks or registered trademarks of Sun Microsystems Inc. Windows 2000 is a registered trademark of Microsoft
3 Talk Outline JAAS fundamentals JAAS case study with Kerberos Backup materials Java2 security model JAAS and J2EE relationships
4 JAAS fundamentals Emphasis on "fun" or "mental"? Java is a trademark and Java 2 is a registered trademark of Sun Microsystems Inc.
5 What is JAAS? Add the concept of "user identity" to the Java 2 security model Enable existing security services to plug in Compatibly extend the current model
6 Key elements Authentication framework Assertion of identity Enhanced authorization Low level of binding between authentication and authorization
7 Authentication framework Authentication framework Policy-based Generic and abstract Sufficient for today's mechanisms, extensible Pluggable, stackable Key abstractions Subject - any user of computing Collection of Principals, credentials Principal (java.security) Has a name
8 Assertion of identity Avoids incompatible behavior Lexically scopes identity Logically associates Subject with current Thread static Object Subject.doAs(Subject, action)
9 Enhanced Authorization Augmentation of current Permission specification Principal-based Any authentication with any Permission Example in Kerberos section
10 Java 2 Security Model Local or remote code (signed or unsigned) Domain A Security Policy Domain B Sandbox Ability to grant specific permissions to a particular piece of code about accessing specific resources on the client, depending on the signer of the code and/or the location from which the code was loaded. JVM Domain C Resources
11 Java 2 Permission Model SecureClassLoader Class A Class A's Protection Domain Certificate 1 Certificate 2... Code Base URL Permission 1 Permission 2... POLICY Certificate N Permission M Code Source Protection Domain Permission Collection
12 Java 2 Authorization Model Cert 1,I Cert 1,2... Cert 1,N 1 Code Base URL Perm 1,1 Perm 1,2... Perm 1,M 1 Class 1 Class 2... Cert 2,1 Cert 2,2... Cert 2,N Code Source Code Source Code Base URL Class K... 2 Permission Collection Perm 2,1 Perm 2,2... Perm 2,M 2 Permission Collection Permission to check Cert K,1 Cert K,2... Cert K,N K Code Base URL Perm K,1 Perm K,2... Perm K,M K Code Source Permission Collection
13 JAAS Authorization Model SecureClassLoader Class A Subject Y Class A's Protection Domain Subject Y's Protection Domain POLICY Certificate 1 Certificate 2... Code Base URL Permission 1 Permission 2... Permission 1 Permission 2... Certificate N Permission M Permission M Code Source Protection Domain Permission Collection Permission Collection POLICY
14 JAAS A Case Study with Kerberos Java is a trademark and Java 2 is a registered trademark of Sun Microsystems Inc.
15 Building blocks LoginModule 5 methods New java.security.principal subclass Allows granting Permissions based on this new Principal class Possibly some "credentials" related to Principal Allows proof of identity at some later time
16 Kerberos Authentication Using JAAS KerberosUserPrincipal Allows permissions based on this authentication technique KerberosTGTCredential Allows further service acquisition without requiring password
17 KerberosUserPrincipal public class KerberosUserPrincipal extends Principal { private String name; // user name public KerberosUserPrincipal(String username) { name = username } } public String getname() { return name; }...
18 KerberosTGTCredential public class KerberosTGTCredential extends Object { private KrbCreds creds; public KerberosTGTCredential(KrbCreds creds) { this.creds = creds }; } public KrbCreds getcreds() { return creds; }...
19 KerberosLoginModule public KerberosLoginModule extends LoginModule { private KerberosUserPrincipal kup; } private KerberosTGTCredential ktc; private Subject subj; public void initialize (Subject s...) { subj=s;... } public boolean login() { if (callbackhandler == null) { // no way to get parameters??? } else { get username, pw, realm; authenticate, remember kup and tkc; } } public boolean commit() { subj.getprincipals.add(kup); subj.getpubliccredentials.add(ktc); }
20 Windows 2000 Interoperability If in a Windows 2000 domain, already have a Kerberos ticket, but how to use from Java? New wrinkle for KerberosLoginModule LSACallAuthenticationPackage KerbRetrieveEncodedTicketMessage + lots of JNI magic === KerberosTGTCredential for current Subject
21 Permissions using Kerberos grant signedby "mykey", codebase "file:e:/solutions/app/*" principal com.ibm.security.auth.kerberosuserprincipal "brich" { permission com.ebank.accountaccess "CloseAccount"; };
22 Configuring to use Kerberos testkerberosal { com.ibm.security.auth.kerberosloginmodule required debug=true; };...login configuration file... LoginContext lc = new LoginContext("testKerberosAL"); lc.login(); Subject whoami = lc.getsubject(); Subject.doAs(lc.getSubject(), someactioninstance);......code in exploiting application
23 Summary JAAS extends base security model to accomodate concept of "users" Pluggable, extensible Kerberos provides an excellent illustration of the power and ease of using JAAS to extend application security
24 Resources Java 2 Network Security Marco Pistoia, et al, Prentice Hall, 1999, ISBN Java and Internet Security Shrader, Rich, Nadalin, IUniverse, 2000, ISBN Kerberos V5 GSS V2 Java bindings for GSS
25 Backup Materials Java 2 Authorization Model Java is a trademark and Java 2 is a registered trademark of Sun Microsystems Inc.
26 Java 2 Standard Edition Security: Review CodeSource Authorization Java is a trademark and Java 2 is a registered trademark of Sun Microsystems Inc.
27 CodeSource Combination of a set of Signers (certificates) and a code base URL Certificate 1 Certificate 2... Certificate N Code Base URL CodeSource
28 Policy A Permission is an access right to a protected resource In Java 2, Permissions are stored in the Policy object The reference implementation is file based
29 Sample Java 2 Policy grant entries Describe Permissions granted to CodeSources An entry may contain one or more Permissions grant signedby "mykey", codebase "file:e:/mydir/app/*" { }; permission java.lang.runtimepermission "queueprintjob";
30 ProtectionDomain A ProtectionDomain contains: A CodeSource The Permissions granted to the CodeSource SecureClassLoader assigns a ProtectionDomain to each loaded class Classes with different CodeSources belong to different ProtectionDomains Certificate 1 Certificate 2... Certificate N Code Base URL Permission 1 Permission 2... Permission M CodeSource PermissionCollections ProtectionDomain
31 Classes, ProtectionDomains & Permissions Each class is assigned to only one ProtectionDomain As determined by its CodeSource Each ProtectionDomain may include zero or more Permissions Multiple classes from the same CodeSource are assigned the same ProtectionDomain
32 Example of Guard on Protected Resource... /* Check to see if the calling code is authorized. If not, a SecurityException (AccessControlException) will be thrown */ AccessController.checkPermission( new RuntimePermission("queuePrintJob")); // Trusted code starts here....
33 The GetProperty Example import java.security.*; class GetProperty { public static void main(string[] args) { try { if (args.length > 0) { String s = System.getProperty(args[0],"name " + args[0] + " not specified"); System.out.println(args[0] + " property value is: " + s); } else { System.out.println("Property name required"); } } catch(exception e){ System.err.println("Caught exception " + e.tostring()); } } }
34 Threads of Execution in Java Each thread in the JVM contains a number of stack frames Each stack frame contains the method instance variables for a method called in the current thread A thread of execution may: Occur completely within a single protection domain May involve application ProtectionDomain(s) and the system ProtectionDomain
35 Check of Current Thread 1. AccessController is in the system ProtectionDomain Permission is implicitly granted Proceed to the next frame on the thread stack 2. SecurityManager is in the system ProtectionDomain Permission is implicitly granted Proceed to the next frame on the thread stack 3. System is in the system ProtectionDomain Permission is implicitly granted Proceed to the next frame on the thread stack 4. GetProperty is in the application domain Is the permission granted? If yes, then proceed to the next frame on the thread stack If no, throw a SecurityException Calling hierarchy GetProperty.main() java.lang.system.getproperty() java.lang.securitymanager.checkpropertyaccess() java.security.accesscontroller.checkpermission() checkpermission() testing
36 Determining the Permission Set of a Thread The Permission set of a thread is the intersection of all ProtectionDomains traversed by the execution thread ProtectionDomain 2 I i = 1, 2, K, K j= 1, 2, K, Perm i M i, j ProtectionDomain 1 ProtectionDomain K
37 Authorization - Permissions Class1.methodA calls Class2.methodB ProtectionDomain for Class1 = { P1, P3 } P1 P3 P2 ProtectionDomain for Class2 = { P2, P3 } checkpermission(p1) fails checkpermission(p2) fails checkpermission(p3) succeeds
38 Authorization - Permissions Class1.methodA calls Class2.methodB Calls AccessController.doPrivileged() Class2.methodC ProtectionDomain for Class1 = { P1, P3 } P1 P3 P2 checkpermission(p1) fails checkpermission(p2) succeeds checkpermission(p3) succeeds ProtectionDomain for Class2 = { P2, P3 }
39 Authorization - Permissions Class1.methodA calls doprivileged(accesscontrolcontext({p3,p4})) calls Class2.methodB ProtectionDomain for Class1 = { P1, P3 } AccessControlContext = {P3, P4} P1 P3 P4 P2 checkpermission(p3) succeeds All others fail. ProtectionDomain for Class2 = { P2, P3 }
40 Lexical Scoping of Privilege Modification How privileged code works Why it is necessary Algorithm for run-time access control verification
41 Why Privileged Code? An application is not allowed to access font files The system utility to display a document must obtain those fonts on behalf of the user The application is temporarily enabled to access the font files Application System utility File System
42 The Privileged Code Mechanism doprivileged() annotates the stack frame AccessController.checkPermission() stops Permission testing at this stack frame ProtectionDomain for the class and all the classes that it calls are checked ProtectionDomain of its callers are not checked Call hierarchy Caller class Permission testing not performed Caller class Permission testing not performed Class called Permission testing performed Class called Permission testing performed Class called Permission testing performed Class called Permission testing performed checkpermission() testing
43 Example Privileged Code Must use java.security.privilegedaction interface The run() method contains code needing privilege AccessController.doPrivileged() Takes PrivilegedAction object argument Invokes its run() method Returns the run() method's return value
44 Example - Anonymous Inner Class somemethod() { // some normal code here... AccessController.doPrivileged(new PrivilegedAction() { public Object run() { // privileged code goes here, for example: System.loadLibrary("awt"); return null; // nothing to return } } ); } // some normal code here...
45 AccessController Algorithm - Stage 1 Build AccessControlContext for use in stage 2 For each class on the thread stack: Get the class's ProtectionDomain If the stack frame is annotated by a doprivileged(), Exit the loop If the last stack frame checked is not annotated with by a doprivileged(), Add the ProtectionDomains inherited by the current thread when the current thread was instantiated
46 AccessController Algorithm - Stage 2 Check each ProtectionDomain to see whether it contains the Permission being checked If no ProtectionDomains from step1, Return (only fully trusted code is running) For each unique ProtectionDomain P obtained in stage 1, Call P's implies() method with the Permission Does P imply the Permission being checked? If no, Throw an exception Else, Continue
47 JAAS / J2SE Authorization Relationship Policy based Uses a "principal" extension Lexically scoped Subject.doAs() & doasprivileged take a PrivilegedAction / PrivilegedExceptionAction as an argument But, no doprivileged() mark Authorization algorithm unmodified
48 Sample JAAS Policy Consists of grant entries Describe Permissions granted to CodeSources and Principals Each entry may contain one or more Permissions grant signedby "mykey", codebase "file:e:/solutions/app/*" principal com.esite.webprincipal "George" { permission java.lang.runtimepermission "queueprintjob"; };
49 Sample JAAS Policy - Roles "Roles" can be assigned to Subjects Authorization performed based on "Role" assigned to subject grant signedby "mykey", codebase "file:e:/solutions/app/*" principal com.edmv.methodrole "DMVSupervisor" { permission com.ebank.accountaccess "CloseAccount"; };
50 Example doas() Lexically scoped Subject... // Authenticate user & build a Subject wuser... // Switch to the authenticated user Subject.doAs(wUser, new PrivilegedAction() { public Object Run(){ // Work to be done as wuser requiring // the addition of the user's privileges return processuserrequest(); } } // end of PrivilegedAction );
51 Subject.doAs() Effect Extends the effective ProtectionDomains of methods called after the Subject.doAs() call
52 Example scenario Thread / Class Permissions Effective Thread Permission Class 1 Class 2 { P1, P2 } { P1, P3 } { P1, P2 } { P1 } Class 3 Class 4 { P2 } { P1, P5 } { } { } checkpermission(p1) fails P c1 3 P c2 3 P c3 3 P c4 = { }
53 Augmented with doas() Thread / Class Permissions Effective Thread Permission Class 1 Class 2 { P1, P2 } { P1, P3 } { P1, P2 } { P1 } doas(x) { P1, P4 } Class 3 Class 4 { P2, P1, P4 } { P1, P5, P4 } { P1 } { P1 } checkpermission(p1) succeeds! P c1 3 P c2 3 (P c3 U P X ) 3 (P c4 U P X ) = { P1 }
54 Another doas() scenario Thread / Class Permissions Effective Thread Permission Class 1 { P1, P2 } { P1, P2 } doas(x) { P2, P3 } Class 2 { P1, P2, P3 } { P1, P2 } checkpermission(p2) succeeds! P c1 3 (P c2 U P X ) = { P1, P2 }
55 Another doas() scenario (con't) Thread / Class Permissions Effective Thread Permission Class 1 { P1, P2 } { P1, P2 } doas(x) { P2, P3 } Class 2 { P1, P2, P3 } { P1, P2 } doas(y) { P1, P3 } Class 2 { P1, P3 } { P1 } checkpermission(p2) fails! P c1 3(P c2 UP X )3(P c2 UP Y )={P1}
56 Summary Subject.doAs() extends the ProtectionDomains of all classes / methods which the PrivilegedAction object calls The basic CodeSource authorization algorithm is unmodified Subsequent Subject.doAs() calls replace the Subject in the authorization algorithm
57 JAAS and EJBs Java is a trademark and Java 2 is a registered trademark of Sun Microsystems Inc.
58 EJB Roles Enterprise Bean Provider Application Assembler Deployer System Administrator EJB Server Provider EJB Container Provider
59 Development/Deployment Process Enterprise Bean Providers Application Assembler Deployer System Administrator
60 JAAS->EJB security Containers implement security JAAS is a reasonable building block EJB security built around "roles" JAAS built around "Principal"s Mapping required/possible
61 JAAS->EJB security (cont) Identity (Principal) Mapping Front-end authenticated principal can be mapped to principal required by back-end systems Credential Mapping Used when application server s and backend support different authentication domains i.e. PKI to Kerberos Principal to EJB security role mapping
62 Exploiting J2SE Security (1/4) How can J2SE mechanisms perform container-based authentication / authorization? JAAS login modules perform principal authentication JAAS principal created Maps authenticated principal to EJB role(s) EJB method authorization is based on permission for an EJB role
63 Exploiting J2SE Security (2/4) Example: Role as principals : Mapping of principal to "role principals" happens in the JAAS login module iscallerinrole() looks for the appropriate EJB role principal in the in the current thread Typically, does the current caller have permission for this method? Method dispatch authorization tests check, via checkpermission(), the corresponding MethodPermission JAAS-like Syntax: grant MethodPermission(ejb.account.withdraw) to RolePrincipal(customer) grant MethodPermission(ejb.loan.borrow) to RolePrincipal(customer)
64 Exploiting J2SE Security (3/4) Example: Role as Permissions: Given principal-to-roles map, assign permissions for all roles to this principal Mapping takes place "statically" in the authorization policy definition Potential problems: Treats a role both as a principal and a permission Is dependent on a mapping from method permission from a role permission JAAS-like Syntax grant RolePermission(customer) to sam grant MethodPermission(ejb.account.withdraw) to RolePrincipal(customer) grant MethodPermission(ejb.loan.borrow) to RolePrincipal(customer)
65 Exploiting J2SE Security (4/4) Example: Role as collection of permissions and credential Role is granted a collection of permissions iscallerinrole() done by checking if caller has access to appropriate RolePermission collection Individual method permission test performed by searching the Role permission collections, granted to the subject, for a method permissions that matches desired operation JAAS-like Syntax define RolePermission (customer) as { MethodPermission(ejb.account.withdraw) MethodPermission(ejb.loan.borrow)... } grant RolePermission(customer) to sam
Customizing the Security Architecture
Chapter7.fm Page 113 Wednesday, April 30, 2003 4:29 PM CHAPTER7 Customizing the Security Architecture The office of government is not to confer happiness, but to give men opportunity to work out happiness
More informationUsing jlock s Java Authentication and Authorization Service (JAAS) for Application-Level Security
Using jlock s Java Authentication and Authorization Service (JAAS) for Application-Level Security Introduction Updated January 2006 www.2ab.com Access management is a simple concept. Every business has
More informationPassword-based authentication
Lecture topics Authentication and authorization for EJBs Password-based authentication The most popular authentication technology Storing passwords is a problem On the server machines Could encrypt them,
More informationtion server uses an RBAC system to control access to resources under its domain, and the enforcement of access rules is provided by a security
ABSTRACT SHAH, ARPAN PRAMOD. Scalable authorization in role-based access control using negative permissions and remote authorization (Under the direction of Dr. Gregory T. Byrd). Administration of access
More informationKAIST Cyber Security Research Center SAR(Security Analysis Report) Date. August 31, Modified
Document # Type Attack Trend Technical Analysis Specialty Analysis Title Date Modified Java Applet Vulnerability Analysis (CVE-2012-4681) August 25, KAIST Graduate School 2012 of Information Security Author
More informationWeb Application Access Control with Java SE Security
Web Application Access Control with Java SE Security Java Forum Stuttgart 2009 Jürgen Groothues Stuttgart, Agenda 1. Access Control Basics 2. The Java Authentication and Authorization Service (JAAS) 3.
More informationWebLogic Server 7.0 Single Sign-On: An Overview
WebLogic Server 7.0 Single Sign-On: An Overview Today, a growing number of applications are being made available over the Web. These applications are typically comprised of different components, each of
More informationSINGLE SIGNON FUNCTIONALITY IN HATS USING MICROSOFT SHAREPOINT PORTAL
SINGLE SIGNON FUNCTIONALITY IN HATS USING MICROSOFT SHAREPOINT PORTAL SINGLE SIGNON: Single Signon feature allows users to authenticate themselves once with their credentials i.e. Usernames and Passwords
More informationOracle WebLogic Server
Oracle WebLogic Server Monitoring and Managing with the Java EE Management APIs 10g Release 3 (10.3) July 2008 Oracle WebLogic Server Monitoring and Managing with the Java EE Management APIs, 10g Release
More informationHow To Protect Your Computer From Being Hacked On A J2Ee Application (J2Ee) On A Pc Or Macbook Or Macintosh (Jvee) On An Ipo (J 2Ee) (Jpe) On Pc Or
Pistoia_ch03.fm Page 55 Tuesday, January 6, 2004 1:56 PM CHAPTER3 Enterprise Java Security Fundamentals THE J2EE platform has achieved remarkable success in meeting enterprise needs, resulting in its widespread
More informationModule 13 Implementing Java EE Web Services with JAX-WS
Module 13 Implementing Java EE Web Services with JAX-WS Objectives Describe endpoints supported by Java EE 5 Describe the requirements of the JAX-WS servlet endpoints Describe the requirements of JAX-WS
More informationA Flexible Security Architecture for the EJB Framework
A Flexible Security Architecture for the EJB Framework Frank Kohmann¹, Michael Weber², Achim Botz¹ ¹ TPS Labs AG, Balanstr 49, D-81541 München {frank.kohmann achim.botz}@tps-labs.com ² Abteilung Verteilte
More informationCopyright http://support.oracle.com/
Primavera Portfolio Management 9.0 Security Guide July 2012 Copyright Oracle Primavera Primavera Portfolio Management 9.0 Security Guide Copyright 1997, 2012, Oracle and/or its affiliates. All rights reserved.
More informationA Pluggable Security Framework for Message Oriented Middleware
A Pluggable Security Framework for Message Oriented Middleware RUEY-SHYANG WU, SHYAN-MING YUAN Department of Computer Science National Chiao-Tung University 1001 Ta Hsueh Road, Hsinchu 300, TAIWAN, R.
More informationWHITE PAPER. Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ)
WHITE PAPER Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ) SEPTEMBER 2004 Overview Password-based authentication is weak and smart cards offer a way to address this weakness,
More informationAngel Dichev RIG, SAP Labs
Enabling SSL and Client Certificates on the SAP J2EE Engine Angel Dichev RIG, SAP Labs Learning Objectives As a result of this session, you will be able to: Understand the different SAP J2EE Engine SSL
More informationIBM Rational Rapid Developer Components & Web Services
A Technical How-to Guide for Creating Components and Web Services in Rational Rapid Developer June, 2003 Rev. 1.00 IBM Rational Rapid Developer Glenn A. Webster Staff Technical Writer Executive Summary
More informationJAVA 2 Network Security
JAVA 2 Network Security M A R C O PISTOIA DUANE F. RELLER DEEPAK GUPTA MILIND NAGNUR ASHOK K. RAMANI PTR, UPPER http://www.phptr.com PRENTICE HALL SADDLE RIVER, NEW JERSEY 07458 Contents Foreword Preface
More informationApache Ki (formerly JSecurity) DevNexus - 2009
Apache Ki (formerly JSecurity) DevNexus - 2009 Introduction Jeremy Haile Project Co-Founder VP Product Development, WeTheCitizens Agenda What is Apache Ki? Terminology Authentication, Authorization, Session
More informationLi Gong and Roland Schemers. fgong,schemersg@eng.sun.com. overlap, as shown in Figure 1. 1
Implementing Protection Domains in the Java TM Development Kit 1.2 Li Gong and Roland Schemers JavaSoft, Sun Microsystems, Inc. fgong,schemersg@eng.sun.com Abstract The forthcoming Java TM Development
More informationWindows Authentication on Microsoft SQL Server
Windows Authentication on Microsoft SQL Server Introduction Microsoft SQL Server offers two types of security authentication: SQL Server authentication and Windows authentication. SQL Server authentication
More informationTIBCO ActiveMatrix BusinessWorks Plug-in for Microsoft SharePoint User s Guide
TIBCO ActiveMatrix BusinessWorks Plug-in for Microsoft SharePoint User s Guide Software Release 1.0 Feburary 2013 Two-Second Advantage Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER
More informationUser Pass-Through Authentication in IBM Cognos 8 (SSO to data sources)
User Pass-Through Authentication in IBM Cognos 8 (SSO to data sources) Nature of Document: Guideline Product(s): IBM Cognos 8 BI Area of Interest: Security Version: 1.2 2 Copyright and Trademarks Licensed
More informationRealizing Enterprise Integration Patterns in WebSphere
Universität Stuttgart Fakultät Informatik, Elektrotechnik und Informationstechnik Realizing Enterprise Integration Patterns in WebSphere Thorsten Scheibler, Frank Leymann Report 2005/09 October 20, 2005
More informationRedpaper Axel Buecker Kenny Chow Jenny Wong
Redpaper Axel Buecker Kenny Chow Jenny Wong A Guide to Authentication Services in IBM Security Access Manager for Enterprise Single Sign-On Introduction IBM Security Access Manager for Enterprise Single
More informationSAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011
NetWeaver Single Sign-On Product Management NetWeaver Identity Management & Security June 2011 Agenda NetWeaver Single Sign-On: Solution overview Key benefits of single sign-on Solution positioning Identity
More informationSecurity Code Review- Identifying Web Vulnerabilities
Security Code Review- Identifying Web Vulnerabilities Kiran Maraju, CISSP, CEH, ITIL, SCJP Email: Kiran_maraju@yahoo.com 1 1.1.1 Abstract Security Code Review- Identifying Web Vulnerabilities This paper
More informationBeyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model
Beyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model Marco Pistoia IBM T. J. Watson Research Ctr. Hawthorne, New York, USA pistoia@us.ibm.com Anindya Banerjee Kansas State
More informationOPENIAM ACCESS MANAGER. Web Access Management made Easy
OPENIAM ACCESS MANAGER Web Access Management made Easy TABLE OF CONTENTS Introduction... 3 OpenIAM Access Manager Overview... 4 Access Gateway... 4 Authentication... 5 Authorization... 5 Role Based Access
More informationEnabling SSL and Client Certificates on the SAP J2EE Engine
Enabling SSL and Client Certificates on the SAP J2EE Engine Angel Dichev RIG, SAP Labs SAP AG 1 Learning Objectives As a result of this session, you will be able to: Understand the different SAP J2EE Engine
More informationBusiness Services Server Reference Guide Release 9.1.x
[1]JD Edwards EnterpriseOne Tools Business Services Server Reference Guide Release 9.1.x E20240-05 December 2014 Discusses administrative tasks for configuring the JD Edwards EnterpriseOne business services
More informationRunning and Testing Java EE Applications in Embedded Mode with JupEEter Framework
JOURNAL OF APPLIED COMPUTER SCIENCE Vol. 21 No. 1 (2013), pp. 53-69 Running and Testing Java EE Applications in Embedded Mode with JupEEter Framework Marcin Kwapisz 1 1 Technical University of Lodz Faculty
More informationFundamentals of Java Programming
Fundamentals of Java Programming This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors
More informationSoftware Engineering Techniques
Software Engineering Techniques Low level design issues for programming-in-the-large. Software Quality Design by contract Pre- and post conditions Class invariants Ten do Ten do nots Another type of summary
More information<Insert Picture Here> Hudson Security Architecture. Winston Prakash. Click to edit Master subtitle style
Hudson Security Architecture Click to edit Master subtitle style Winston Prakash Hudson Security Architecture Hudson provides a security mechanism which allows Hudson Administrators
More informationBrekeke PBX Web Service
Brekeke PBX Web Service User Guide Brekeke Software, Inc. Version Brekeke PBX Web Service User Guide Revised October 16, 2006 Copyright This document is copyrighted by Brekeke Software, Inc. Copyright
More informationCA Performance Center
CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is
More informationUnleash the Power of Single Sign-On with Microsoft and SAP
Collaboration Technology Support Center Microsoft Collaboration Brief September 2007 Unleash the Power of Single Sign-On with Microsoft and SAP White Paper Authors Tilo Boettcher, Microsoft Corp (tiloboet@microsoft.com)
More informationHow To Implement Lightweight ESOA with Java
Abstract How To Implement Lightweight ESOA with Java La arquitectura SOA utiliza servicios para integrar sistemas heterogéneos. Enterprise SOA (ESOA) extiende este enfoque a la estructura interna de sistemas,
More informationThe Java Series. Java Essentials I What is Java? Basic Language Constructs. Java Essentials I. What is Java?. Basic Language Constructs Slide 1
The Java Series Java Essentials I What is Java? Basic Language Constructs Slide 1 What is Java? A general purpose Object Oriented programming language. Created by Sun Microsystems. It s a general purpose
More informationOpenLDAP Oracle Enterprise Gateway Integration Guide
An Oracle White Paper June 2011 OpenLDAP Oracle Enterprise Gateway Integration Guide 1 / 29 Disclaimer The following is intended to outline our general product direction. It is intended for information
More informationbbc Developing Service Providers Adobe Flash Media Rights Management Server November 2008 Version 1.5
bbc Developing Service Providers Adobe Flash Media Rights Management Server November 2008 Version 1.5 2008 Adobe Systems Incorporated. All rights reserved. Adobe Flash Media Rights Management Server 1.5
More informationNew Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation
New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole
More informationOracle WebLogic Server
Oracle WebLogic Server Creating WebLogic Domains Using the Configuration Wizard 10g Release 3 (10.3) November 2008 Oracle WebLogic Server Oracle Workshop for WebLogic Oracle WebLogic Portal Oracle WebLogic
More informationCS346: Database Programming. http://warwick.ac.uk/cs346
CS346: Database Programming http://warwick.ac.uk/cs346 1 Database programming Issue: inclusionofdatabasestatementsinaprogram combination host language (general-purpose programming language, e.g. Java)
More informationOracle WebLogic Foundation of Oracle Fusion Middleware. Lawrence Manickam Toyork Systems Inc www.toyork.com http://ca.linkedin.
Oracle WebLogic Foundation of Oracle Fusion Middleware Lawrence Manickam Toyork Systems Inc www.toyork.com http://ca.linkedin.com/in/lawrence143 History of WebLogic WebLogic Inc started in 1995 was a company
More informationIdentity Management. Critical Systems Laboratory
Identity Management Critical Systems What is Identity Management? Identity: a set of attributes and values, which might or might not be unique Storing and manipulating identities Binding virtual identities
More informationSingle Sign On In A CORBA-Based
Single Sign On In A CORBA-Based Based Distributed System Igor Balabine IONA Security Architect Outline A standards-based framework approach to the Enterprise application security Security framework example:
More informationNetIQ Access Manager. Developer Kit 3.2. May 2012
NetIQ Access Manager Developer Kit 3.2 May 2012 Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON DISCLOSURE
More informationenterprise^ IBM WebSphere Application Server v7.0 Security "publishing Secure your WebSphere applications with Java EE and JAAS security standards
IBM WebSphere Application Server v7.0 Security Secure your WebSphere applications with Java EE and JAAS security standards Omar Siliceo "publishing enterprise^ birmingham - mumbai Preface 1 Chapter 1:
More informationSingle Sign-on (SSO) technologies for the Domino Web Server
Single Sign-on (SSO) technologies for the Domino Web Server Jane Marcus December 7, 2011 2011 IBM Corporation Welcome Participant Passcode: 4297643 2011 IBM Corporation 2 Agenda USA Toll Free (866) 803-2145
More informationSecure Messaging Server Console... 2
Secure Messaging Server Console... 2 Upgrading your PEN Server Console:... 2 Server Console Installation Guide... 2 Prerequisites:... 2 General preparation:... 2 Installing the Server Console... 2 Activating
More informationJava Interview Questions and Answers
1. What is the most important feature of Java? Java is a platform independent language. 2. What do you mean by platform independence? Platform independence means that we can write and compile the java
More informationOnset Computer Corporation
Onset, HOBO, and HOBOlink are trademarks or registered trademarks of Onset Computer Corporation for its data logger products and configuration/interface software. All other trademarks are the property
More informationcore. Volume I - Fundamentals Seventh Edition Sun Microsystems Press A Prentice Hall Title ULB Darmstadt
core. 2008 AGI-Information Management Consultants May be used for personal purporses only or by libraries associated to dandelon.com network. Volume I - Fundamentals Seventh Edition CAY S. HORSTMANN GARY
More informationLecture 10 - Authentication
Lecture 10 - Authentication CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Kerberos: What to know 1) Alice T rent : {Alice + Bob
More informationEMC Documentum Application Connectors Software Development Kit
EMC Documentum Application Connectors Software Development Kit Version 6.8 Development Guide EMC Corporation Corporate Headquarters: Hopkinton, MA 01748-9103 1-508-435-1000 www.emc.com Legal Notice Copyright
More informationIntegrating IBM Cognos 8 BI with 3rd Party Auhtentication Proxies
Guideline Integrating IBM Cognos 8 BI with 3rd Party Auhtentication Proxies Product(s): IBM Cognos 8 BI Area of Interest: Security Integrating IBM Cognos 8 BI with 3rd Party Auhtentication Proxies 2 Copyright
More informationINTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN
INTEGRATION GUIDE IDENTIKEY Federation Server for Juniper SSL-VPN Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO
More informationTopics. Introduction. Java History CS 146. Introduction to Programming and Algorithms Module 1. Module Objectives
Introduction to Programming and Algorithms Module 1 CS 146 Sam Houston State University Dr. Tim McGuire Module Objectives To understand: the necessity of programming, differences between hardware and software,
More informationLecture 10 - Authentication
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Lecture 10 - Authentication CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/
More informationIntroduction to Evidence-based security in.net Framework
Introduction to Evidence-based security in.net Framework Brad Merrill rogram Manager.NET Frameworks Integration Agenda The roblem: Customer Scenarios The Solution:.NET Security Role-based Security Evidence-based
More informationThe Sun Certified Associate for the Java Platform, Standard Edition, Exam Version 1.0
The following applies to all exams: Once exam vouchers are purchased you have up to one year from the date of purchase to use it. Each voucher is valid for one exam and may only be used at an Authorized
More informationApplication Notes for Packaging and Deploying Avaya Communications Process Manager Sample SDK Web Application on a JBoss Application Server Issue 1.
Avaya Solution & Interoperability Test Lab Application Notes for Packaging and Deploying Avaya Communications Process Manager Sample SDK Web Application on a JBoss Application Server Issue 1.0 Abstract
More informationAP Computer Science Java Subset
APPENDIX A AP Computer Science Java Subset The AP Java subset is intended to outline the features of Java that may appear on the AP Computer Science A Exam. The AP Java subset is NOT intended as an overall
More informationTIBCO Runtime Agent Authentication API User s Guide. Software Release 5.8.0 November 2012
TIBCO Runtime Agent Authentication API User s Guide Software Release 5.8.0 November 2012 Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED
More informationOracle Identity Management Concepts and Architecture. An Oracle White Paper December 2003
Oracle Identity Management Concepts and Architecture An Oracle White Paper December 2003 Oracle Identity Management Concepts and Architecture Introduction... 3 Identity management... 3 What is Identity
More informationUsing SAP Logon Tickets for Single Sign on to Microsoft based web applications
Collaboration Technology Support Center - Microsoft - Collaboration Brief March 2005 Using SAP Logon Tickets for Single Sign on to Microsoft based web applications André Fischer, Project Manager CTSC,
More informationSSO Methods Supported by Winshuttle Applications
Winshuttle and SSO SSO Methods Supported by Winshuttle Applications Single Sign-On (SSO) delivers business value by enabling safe, secure access to resources and exchange of information at all levels of
More informationHow to Build an E-Commerce Application using J2EE. Carol McDonald Code Camp Engineer
How to Build an E-Commerce Application using J2EE Carol McDonald Code Camp Engineer Code Camp Agenda J2EE & Blueprints Application Architecture and J2EE Blueprints E-Commerce Application Design Enterprise
More informationprofessional expertise distilled P U B L I S H I N G EJB 3.1 Cookbook Richard M. Reese Chapter No.7 "EJB Security"
P U B L I S H I N G professional expertise distilled EJB 3.1 Cookbook Richard M. Reese Chapter No.7 "EJB Security" In this package, you will find: A Biography of the author of the book A preview chapter
More informationCreating a User Profile for Outlook 2013
Creating a User Profile for Outlook 2013 This document tells you how to create a user profile for Outlook 2013 on your computer (also known as the Outlook client). This is necessary, for example, when
More informationNovell Access Manager
J2EE Agent Guide AUTHORIZED DOCUMENTATION Novell Access Manager 3.1 SP3 February 02, 2011 www.novell.com Novell Access Manager 3.1 SP3 J2EE Agent Guide Legal Notices Novell, Inc., makes no representations
More informationOracle Virtual Desktop Infrastructure. VDI Demo (Microsoft Remote Desktop Services) for Version 3.2
Oracle Virtual Desktop Infrastructure VDI Demo (Microsoft Remote Desktop Services) for Version 2 April 2011 Copyright 2011, Oracle and/or its affiliates. All rights reserved. This software and related
More informationDemystifying Java Platform Security Architecture
Demystifying Java Platform Security Architecture Ramesh Nagappan, CISSP nramesh@post.harvard.edu Overall Presentation Goal Learn how to get started on using Java Platform and its core Security Mechanisms.
More information[MS-SSP]: Intellectual Property Rights Notice for Open Specifications Documentation
[MS-SSP]: Intellectual Property Rights Notice for Open Specifications Documentation Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages,
More informationDIPLOMADO DE JAVA - OCA
DIPLOMADO DE JAVA - OCA TABLA DE CONTENIDO INTRODUCCION... 3 ESTRUCTURA DEL DIPLOMADO... 4 Nivel I:... 4 Fundamentals of the Java Programming Language Java SE 7... 4 Introducing the Java Technology...
More informationUsing SUSE Linux Enterprise Desktop with Microsoft * Active Directory Infrastructure
Technical White Paper DESKTOP www.novell.com Using SUSE Linux Enterprise Desktop with Microsoft * Active Directory Infrastructure * Using SUSE Linux Enterprise Desktop with Microsoft Active Directory Infrastructure
More informationSecurity Services Application Programming Interface (SS API) Developer's Security Guidance
M T R 9 9 W 0 0 0 0 0 2 7 M I T R E T E C H N I C A L R E P O R T Security Services Application Programming Interface (SS API) Developer's Security Guidance March 2000 Amgad Fayad Don Faatz Sponsor: DISA
More informationSW5706 Application deployment problems
SW5706 This presentation will focus on application deployment problem determination on WebSphere Application Server V6. SW5706G11_AppDeployProblems.ppt Page 1 of 20 Unit objectives After completing this
More informationSecuring Fusion Web Applications
Securing Fusion Web Applications Security is an important part of any enterprise application. Security implementation in an application decides who can access the application and what they can do once
More informationCS 111 Classes I 1. Software Organization View to this point:
CS 111 Classes I 1 Software Organization View to this point: Data Objects and primitive types Primitive types operators (+, /,,*, %). int, float, double, char, boolean Memory location holds the data Objects
More informationBasic TCP/IP networking knowledge of client/server concepts Basic Linux commands and desktop navigation (if don't know we will cover it )
About Oracle WebLogic Server Oracle WebLogic Server is the industry's best application server for building and deploying enterprise Java EE applications with support for new features for lowering cost
More informationSecure the Web: OpenSSO
Secure the Web: OpenSSO Sang Shin, Technology Architect Sun Microsystems, Inc. javapassion.com Pat Patterson, Principal Engineer Sun Microsystems, Inc. blogs.sun.com/superpat 1 Agenda Need for identity-based
More informationGlassFish Security. open source community experience distilled. security measures. Secure your GlassFish installation, Web applications,
GlassFish Security Secure your GlassFish installation, Web applications, EJB applications, application client module, and Web Services using Java EE and GlassFish security measures Masoud Kalali PUBLISHING
More informationIBM Tivoli Identitiy Manager 5.1: Writing Java Extensions and Application Code
IBM Tivoli Identitiy Manager 5.1: Writing Java Extensions and Application Code White Paper April 2012 Ori Pomerantz orip@us.ibm.com Copyright IBM Corp. 2012. All Rights Reserved. US Government Users Restricted
More informationCHAPTER 1 - JAVA EE OVERVIEW FOR ADMINISTRATORS
CHAPTER 1 - JAVA EE OVERVIEW FOR ADMINISTRATORS Java EE Components Java EE Vendor Specifications Containers Java EE Blueprint Services JDBC Data Sources Java Naming and Directory Interface Java Message
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationStart Oracle Insurance Policy Administration. Activity Processing. Version 9.2.0.0.0
Start Oracle Insurance Policy Administration Activity Processing Version 9.2.0.0.0 Part Number: E16287_01 March 2010 Copyright 2009, Oracle and/or its affiliates. All rights reserved. This software and
More informationMonitoring Pramati EJB Server
Monitoring Pramati EJB Server 17 Overview The EJB Server manages the execution of enterprise applications that run on the J2EE server. The JAR modules deployed on the Server are supported by the EJB container.
More informationOpenHRE Security Architecture. (DRAFT v0.5)
OpenHRE Security Architecture (DRAFT v0.5) Table of Contents Introduction -----------------------------------------------------------------------------------------------------------------------2 Assumptions----------------------------------------------------------------------------------------------------------------------2
More information1 What Are Web Services?
Oracle Fusion Middleware Introducing Web Services 11g Release 1 (11.1.1.6) E14294-06 November 2011 This document provides an overview of Web services in Oracle Fusion Middleware 11g. Sections include:
More informationOracle Fusion Middleware
Oracle Fusion Middleware Managing Server Startup and Shutdown for Oracle WebLogic Server 11g Release 1 (10.3.5) E13708-04 April 2011 This book describes how you manage Oracle WebLogic Server startup, shutdown,
More informationService Virtualization: Managing Change in a Service-Oriented Architecture
Service Virtualization: Managing Change in a Service-Oriented Architecture Abstract Load balancers, name servers (for example, Domain Name System [DNS]), and stock brokerage services are examples of virtual
More informationlanguage 1 (source) compiler language 2 (target) Figure 1: Compiling a program
CS 2112 Lecture 27 Interpreters, compilers, and the Java Virtual Machine 1 May 2012 Lecturer: Andrew Myers 1 Interpreters vs. compilers There are two strategies for obtaining runnable code from a program
More informationSecurity solutions Executive brief. Understand the varieties and business value of single sign-on.
Security solutions Executive brief Understand the varieties and business value of single sign-on. August 2005 2 Contents 2 Executive overview 2 SSO delivers multiple business benefits 3 IBM helps companies
More informationHow To Manage A Server On A Jboss Application Platform 6.4.4 (Jboss)
Red Hat JBoss Enterprise Application Platform 6.4 Security Architecture Security Architecture Guide for JBoss Enterprise Application Platform 6. Zach Rhoads Ella Ballard Red Hat JBoss Enterprise Application
More informationINTEGRATION GUIDE. DIGIPASS Authentication for Juniper SSL-VPN
INTEGRATION GUIDE DIGIPASS Authentication for Juniper SSL-VPN Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO Data
More informationXerox DocuShare Security Features. Security White Paper
Xerox DocuShare Security Features Security White Paper Xerox DocuShare Security Features Businesses are increasingly concerned with protecting the security of their networks. Any application added to a
More informationOracle Fusion Middleware
Oracle Fusion Middleware Administrator s Guide for Oracle Directory Integration Platform 11g Release 1 (11.1.1) E10031-03 April 2010 Oracle Fusion Middleware Administrator's Guide for Oracle Directory
More information