Security

Authentication - checking credentials

A credential is an object that the client supplies to authenticate itself to the system. A credential might be a password, a digital signature, or another identifier. It might also be a wrapper around that credential indicating that the JBoss server trusts the invoker about the principal and no authentication is necessary (e.g. for in-VM invocations, or invocations from a web container).

The authentication interface is:

package org.jboss.system;

import java.security.Principal;

public interface SecurityManager
{
        public boolean isValid( Principal principal, Object credential );
}

Judgments about validity are based on the Principal class type, the Principal name, and the credential. Typically, one implementation exists per security realm.

The security manager implementation is registered in the JNDI namespace as "SecurityManager" and is shared between containers. This system-level implementation would only delegate to the realm-level implementations to see whether the Principal/credential pair is valid.

Authorization - checking access to resources

The authorization interface is defined as follows:

import java.security.Principal;
import java.util.Set;

public interface RealmMapping
{
        public boolean doesUserHaveRole( Principal principal, Set roleNames );
}

A RealmMapping describes a relation between a list of principals and the set of roles assigned to each principal. Unlike SecurityManagers, RealmMappings are specific to a particular J2EE application. So the relationship is the following: a J2EE app has many realms, a realm has many principals, and a principal has many roles.

The RealmMapping interface is used in conjunction with the authorization information in the EJB 1.1 or 2.0 deployment descriptor. It is also used for the implementation of the isCallerInRole call; the set of roleNames contains only one role in that case.

A CacheRealmMapping is a "meta-level" implementation of RealmMapping that handles the list of realms for a particular J2EE application. It is called CacheRealmMapping because we cache information about a particular principal if access to the persistent mapping is expensive.

SecurityInterceptor

The SecurityInterceptor's first task would be to use the SecurityManager to authenticate the Principal, based on the credential available in the MethodInvocation.

Then, given the method that is to be invoked, the SecurityInterceptor retrieves the methodPermissions (a set of roles) from the container and checks whether the caller's principal has any of those retrieved roles.
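The two-step check described above, written out as an added example rather than JBoss's own code: an in-memory realm implements both interfaces, and an interceptor authenticates first, then authorizes against the method's role set, denying when a method has no declared permissions. The DemoRealm class, the password-as-char[] credential, the user "bob" and the method names "view" and "approve" are constructed for the example; generics on the interfaces are added for clarity.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.*;
interface SecurityManager { boolean isValid(Principal principal, Object credential); }
interface RealmMapping { boolean doesUserHaveRole(Principal principal, Set<String> roleNames); }

// Hypothetical in-memory realm that serves as both the authenticator and the role mapping.
class DemoRealm implements SecurityManager, RealmMapping {
    private final Map<String, byte[]> passwords = new HashMap<>(); private final Map<String, Set<String>> roles = new HashMap<>();
    void addUser(String name, String password, String... userRoles) {
        passwords.put(name, password.getBytes(StandardCharsets.UTF_8));
        roles.put(name, new HashSet<>(Arrays.asList(userRoles)));
    }
    public boolean isValid(Principal principal, Object credential) {
        if (principal == null || !(credential instanceof char[])) return false; // fail closed on odd input
        byte[] expected = passwords.get(principal.getName());
        byte[] supplied = new String((char[]) credential).getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison so the check does not leak how long the matching prefix is.
        return expected != null && MessageDigest.isEqual(expected, supplied);
    }
    public boolean doesUserHaveRole(Principal principal, Set<String> roleNames) {
        Set<String> granted = roles.getOrDefault(principal.getName(), Collections.emptySet());
        return roleNames != null && !Collections.disjoint(granted, roleNames); // any one requested role suffices
    }
}

// The two-step check a SecurityInterceptor performs: authenticate, then authorize.
class SecurityInterceptor {
    private final SecurityManager sm; private final RealmMapping rm;
    private final Map<String, Set<String>> methodPermissions; // method name -> roles allowed to call it
    SecurityInterceptor(SecurityManager sm, RealmMapping rm, Map<String, Set<String>> perms) { this.sm = sm; this.rm = rm; this.methodPermissions = perms; }
    void invoke(Principal principal, Object credential, String method) {
        if (!sm.isValid(principal, credential))
            throw new SecurityException("authentication failed for call to " + method);
        Set<String> allowed = methodPermissions.get(method);
        if (allowed == null || !rm.doesUserHaveRole(principal, allowed)) // no permissions declared => deny
            throw new SecurityException(principal.getName() + " lacks a role required for " + method);
        System.out.println(principal.getName() + " may call " + method);
    }
    public static void main(String[] args) {
        DemoRealm realm = new DemoRealm();
        realm.addUser("bob", "pass", "Employee"); // constructed sample user
        Map<String, Set<String>> perms = Map.of("view", Set.of("Manager", "Employee"), "approve", Set.of("Manager"));
        SecurityInterceptor si = new SecurityInterceptor(realm, realm, perms);
        Principal bob = () -> "bob";
        si.invoke(bob, "pass".toCharArray(), "view"); // allowed: Employee is among the permitted roles
        try { si.invoke(bob, "pass".toCharArray(), "approve"); } catch (SecurityException e) { System.out.println(e.getMessage()); }
        try { si.invoke(bob, "nope".toCharArray(), "view"); } catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```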