JEUS Security Guide
   Next

JEUS Security Guide 

JEUS v7.0 Fix#3

Copyright © 2014 TmaxSoft Co., Ltd. All Rights Reserved.

Restricted Rights Legend

All TmaxSoft Software (JEUS®) and documents are protected by copyright laws and international convention. TmaxSoft software and documents are made available under the terms of the TmaxSoft License Agreement and may only be used or copied in accordance with the terms of this agreement. No part of this document may be transmitted, copied, deployed, or reproduced in any form or by any means, electronic, mechanical, or optical, without the prior written consent of TmaxSoft Co., Ltd.

Trademarks

JEUS® is registered trademark of TmaxSoft Co., Ltd. Other products, titles or services may be registered trademarks of their respective companies.

Open Source Software Notice

Some modules or files of this product are subject to the terms of the following licenses. : APACHE2.0, CDDL1.0, EDL1.0, OPEN SYMPHONY SOFTWARE1.1, TRILEAD-SSH2, Bouncy Castle, BSD, MIT, SIL OPEN FONT1.1

Detailed Information related to the license can be found in the following directory : ${INSTALL_PATH}/lib/licenses

Document Information

Document Name: JEUS Security Guide 

Document Created: 2014-08-29

Software Version: JEUS v7.0 Fix#3

Document Version: v2.1.5

Table of Contents

About This Document
1. Introducing the Security System
1.1. Overview
1.2. Key Features
1.3. System Architecture
1.4. Core Concepts
1.4.1. Login
1.4.2. Authentication
1.4.3. Authorization
1.4.4. Auditing
1.4.5. Services and SPI
1.4.6. Domain
1.5. Improving Performance and Security Level
1.5.1. Tuning the Security System
1.5.2. Improving Security Level
2. Configuring the Security System
2.1. Overview
2.2. Configuring the Security System Domain
2.2.1. Using WebAdmin
2.2.2. Configuring XML
2.2.3. Configuring User Accounts and Security Policies
2.3. Configuring Security Domain Components
2.3.1. Using WebAdmin
2.3.2. Editing XML
2.4. Configuring Security Services
2.4.1. Using WebAdmin
2.4.2. Configuring XML
2.5. Configuring the Security System User Information
2.5.1. Using WebAdmin
2.5.2. Configuring XML
2.5.3. Using Database
2.5.4. Configuring Password Security
2.5.5. Caching Login Information
2.6. Configuring Security System Policies
2.6.1. Using WebAdmin
2.6.2. Editing XML
2.6.3. Using Database
2.7. Configuring Additional Settings
2.7.1. Configuring Java SE SecurityManager
2.7.2. Configuring JACC Provider
2.7.3. Configuring information to Grant Identity
2.7.4. Configuring Identity Certificate Information
3. Configuring Security for Applications and Modules
3.1. Overview
3.1.1. Module Deployment and Application Deployment
3.1.2. Role-to-Resource Mapping
3.1.3. Principal-to-Role Mapping
3.1.4. User Configurations
3.2. Configuring EJB Module Security
3.2.1. Configuring ejb-jar.xml
3.2.2. Configuring jeus-ejb-dd.xml
3.3. Configuring Web Module Security
3.3.1. Configuring web.xml
3.3.2. Configuring jeus-web-dd.xml
3.4. Configuring J2EE Application Security
3.4.1. Configuring application.xml
3.4.2. Configuring jeus-application-dd.xml
3.5. Examples
4. Programming with the Security System API
4.1. Overview
4.2. Java SE Permission Configurations
4.3. Basic API
4.4. Resource API
4.5. SPI Class
4.6. Example
5. Developing Customized Security Services
5.1. Overview
5.2. Service Class
5.3. The Basic Pattern of Implementing Custom Security Services
5.4. SPI Class
5.4.1. SubjectValidationService SPI
5.4.2. SubjectFactoryService SPI
5.4.3. AuthenticationService SPI
5.4.4. AuthenticationRepositoryService SPI
5.4.5. IdentityAssertionService SPI
5.4.6. CredentialMappingService SPI
5.4.7. CredentialVerificationService SPI
5.4.8. AuthorizationService SPI
5.4.9. AuthorizationRepositoryService SPI
5.4.10. EventHandlingService SPI
5.4.11. Dependencies between SPI Implementations
5.5. Security Services Configurations
6. Using JACC Provider
6.1. Overview
6.2. Introducing JACC Protocol
6.2.1. Provider Configuration Protocol
6.2.2. Policy Configuration Protocol
6.2.3. Policy Decision and Execution Protocol
6.3. Developing JACC Provider
6.3.1. Implementing JACC Provider
6.3.2. Packaging JACC Provider
6.3.3. Default JACC Provider
6.4. Integrating JACC Providers with the JEUS Security System
7. Using JAAS
7.1. Overview
7.2. Implementing LoginModule to Integrate JEUS with LDAP
7.3. Configuring LDAP JAAS LoginModule Service
7.4. Implementing LoginModule to Integrate with Database
7.5. Configuring LoginModule Service
A. Security Event Service
A.1. Overview
A.2. Event
B. JEUS Server Permissions
B.1. Overview
B.2. JEUS System Resource Name
B.3. jeusadmin Command Permission Configurations
Index

List of Figures

[Figure 1.1] Security System Architecture
[Figure 1.2] Stack-based Login Mechanism
[Figure 1.3] Subject UML Diagram
[Figure 1.4] Role-based Permission Authorization
[Figure 1.5] Role at 01:30AM
[Figure 1.6] Role at 10:30 AM
[Figure 1.7] UML Diagram of Policy and PermissionMap
[Figure 1.8] Example of Policy with One Principal-to-Role mapping and Two Role-to-Resource mappings
[Figure 1.9] Two Types of Service
[Figure 1.10] Service Class and SPI Sub-classes
[Figure 1.11] Two Domains using Different Application and Subject Repository
[Figure 2.1] Security Manager Main Screen
[Figure 2.2] Security Domain Configurations
[Figure 2.3] [Security Service] - [Cache Config]
[Figure 2.4] [Security Manager] - [Key Store]
[Figure 2.5] [Security Manager] - [Custom Service]
[Figure 2.6] [Security Service] - [Authentication]
[Figure 2.7] [Security Service] - [Authentication] - [Repository Service]
[Figure 2.8] [Security Service] - [Authentication] - [Jaas Login Config]
[Figure 2.9] [Security Service] - [Authentication] - [Custom Authentication Service]
[Figure 2.10] [Security Service] - [Authorization] - [Basic]
[Figure 2.11] [Security Service] - [Authorization] - [Custom Authorization Service]
[Figure 2.12] [Security Service] - [Identity Assertion]
[Figure 2.13] [Security Service] - [Credential Mapping]
[Figure 2.14] [Security Service] - [Credential Verification]
[Figure 2.15] [Security Service] - [Audit]
[Figure 2.16] [Security Service] - [Subject Validation]
[Figure 2.17] Accounts Configuration Screen
[Figure 2.18] Accounts - User Registration
[Figure 2.19] Accounts - Password Configurations
[Figure 2.20] Accounts - Password Algorithm
[Figure 2.21] Database Table Structure that Stores the User Information for Subjects
[Figure 2.22] Policy Configuration Main Screen
[Figure 2.23] Policy Configurations - Role Permission Registration
[Figure 2.24] Policy Configurations - Resource Permission Registration (1)
[Figure 2.25] Policy Configurations - Resource Permission Registrations (2)
[Figure 2.26] Policy Configurations - Resource Permission Registration (3)
[Figure 2.27] Database Table Structure to Save Policies
[Figure 3.1] Principal-to-Role Mapping
[Figure 3.2] Login Page
[Figure 3.3] Main Page
[Figure 5.1] Service Class Diagram
[Figure 5.2] The State-Chart of the Service Class
[Figure 5.3] Dependencies Between Default SPI Implementation Classes in the Default Security System
[Figure 6.1] JACC Provider Class

List of Tables

[Table 1.1] Examples of Authorization Queries and the Outcomes
[Table 5.1] The standard SPI classes defined in the package jeus.security.spi

List of Examples

[Example 2.1] <<JEUS_HOME/domains/<domain name>/config/domain.xml>>
[Example 2.2] Security System Service Configurations: <<domain.xml>>
[Example 2.3] Security System Service Configurations: <<domain.xml>>
[Example 2.4] Security System User Information Configuration: <<accounts.xml>>
[Example 2.5] Configuring Users Using Database: <<domain.xml>>
[Example 2.6] Without Using JEUS JDBC: <<domain.xml>>
[Example 2.7] Stored Login Information: <<.jeuspassword>>
[Example 2.8] Security System Policy Configurations: <<policies.xml>>
[Example 2.9] Custom Permission Class: <<TimeConstrainedRolePermission.java>>
[Example 2.10] Custom Permission Class: <<policies.xml>>
[Example 2.11] Configuring Policies Using Database: <<domain.xml>>
[Example 2.12] Java SE SecurityManager Configurations: <<policy>>
[Example 2.13] Configuring Information to Grant Identity: <<cert-user-map.xml>>
[Example 2.14] Configuring the Certificate Information for Identity: <<user-cert-map.xml>>
[Example 3.1] Security Constraints Configured in EJB Module: <<ejb-jar.xml>>
[Example 3.2] Principal-to-Role Mapping: <<jeus-ejb-dd.xml>>
[Example 3.3] Security Configurations: <<ejb-jar.xml>>
[Example 3.4] Security Configurations: <<jeus-ejb-dd.xml>>
[Example 3.5] Web Module Security Configurations: <<web.xml>>
[Example 3.6] Web Module Security Configurations: <<jeus-web-dd.xml>>
[Example 3.7] J2EE Application Security Configuration: <<application.xml>>
[Example 3.8] J2EE Application Security Configurations: <<jeus-application-dd.xml>>
[Example 6.1] JACC Security Configuration File: <<domain.xml>>
[Example 6.2] Java System Property Configuration for JACC <<domain.xml>>
[Example 7.1] <<jeus.security.impl.login.LdapLoginModule>>
[Example 7.2] Domain Service Configuration: <<domain.xml>>
[Example 7.3] <<jeus.security.impl.login.DBRealmLoginModule>>
[Example 7.4] Domain Service Configuration: <<domain.xml>>
[Example B.1] Security System Policy Configuration: <<policies.xml>>
   Next
   About This Document

Copyright © 2014 TmaxSoft Co., Ltd. All Rights Reserved.