Enterprise Java™ Security: Building Secure J2EE™ Applications

Book Description

Enterprise Java™ Security: Building Secure J2EE™ Applications provides application developers and programmers with the know-how they need to utilize the latest Java security technologies in building secure enterprise infrastructures. Written by the leading Java security experts at IBM, this comprehensive guide covers the current status of the Java™ 2 Platform, Enterprise Edition (J2EE), and Java™ 2 Platform, Standard Edition (J2SE™), security architectures and offers practical solutions and usage patterns to address the challenges of Java security.

To aid developers who need to build secure J2EE applications, Enterprise Java™ Security covers at length the J2EE security technologies, including the security aspects of servlets, JavaServer Pages™ (JSP™), and Enterprise JavaBeans™ (EJB™)—technologies that are at the core of the J2EE architecture. In addition, the book covers Web Services security.

Examples and sample code are provided throughout the book to give readers a solid understanding of the underlying technology.

The relationship between Java and cryptographic technologies is covered in great detail, including:

  • Java Cryptography Architecture (JCA)

  • Java Cryptography Extension (JCE)

  • Public-Key Cryptography Standards (PKCS)

  • Secure/Multipurpose Internet Mail Extensions (S/MIME)

  • Java Secure Socket Extension (JSSE)

Table of Contents

  1. Copyright
    1. Dedication
  2. Foreword
  3. Preface
  4. About the Authors
  5. I. Enterprise Security and Java
    1. 1. An Overview of Java Technology and Security
      1. 1.1. Why Java Technology for Enterprise Applications?
        1. 1.1.1. Java 2 Platform, Standard Edition
        2. 1.1.2. Java 2 Platform, Enterprise Edition
        3. 1.1.3. Java Components
          1. 1.1.3.1. Development Environment and Libraries
          2. 1.1.3.2. Execution Environment and Runtime Libraries
          3. 1.1.3.3. Interfaces and Architectures
        4. 1.1.4. Java Security Technologies: Integral, Evolving, and Interoperable
        5. 1.1.5. Portability in a Heterogeneous World
      2. 1.2. Enterprise Java Technology
        1. 1.2.1. The Middle Tier: Servlets, JSP, and EJB
        2. 1.2.2. Component Software: A Step in the Right Direction
        3. 1.2.3. Secure Communication in an Enterprise
      3. 1.3. Java Technology as Part of Security
      4. 1.4. An Overview of Enterprise Security Integration
        1. 1.4.1. Authentication and Authorization Services
        2. 1.4.2. Cryptographic Services
        3. 1.4.3. Firewalls
      5. 1.5. Time to Market
        1. 1.5.1. Support for Essential Technical Standards
        2. 1.5.2. Engineering Software in a Heterogeneous World
        3. 1.5.3. Time Is of the Essence
    2. 2. Enterprise Network Security and Java Technology
      1. 2.1. Networked Architectures
        1. 2.1.1. Two-Tier Architectures
        2. 2.1.2. Three-Tier Architectures
      2. 2.2. Network Security
      3. 2.3. Server-Side Java Technology
        1. 2.3.1. WAS Components
          1. 2.3.1.1. Servlet Container
          2. 2.3.1.2. EJB Container
        2. 2.3.2. WAS Security Environment
      4. 2.4. Java and Firewalls
        1. 2.4.1. TCP/IP Packets
        2. 2.4.2. Program Communication through a Firewall
          1. 2.4.2.1. Proxy Servers
          2. 2.4.2.2. SOCKS
          3. 2.4.2.3. Proxy Servers versus SOCKS Gateways
        3. 2.4.3. The Effect of Firewalls on Java Programs
          1. 2.4.3.1. Using HTTP for Applet Downloading
          2. 2.4.3.2. Using a Firewall to Stop Java Downloads
          3. 2.4.3.3. Java Network Connections through the Firewall
          4. 2.4.3.4. RMI through the Firewall
      5. 2.5. Summary
  6. II. Enterprise Java Components Security
    1. 3. Enterprise Java Security Fundamentals
      1. 3.1. Enterprise Systems
      2. 3.2. J2EE Applications
        1. 3.2.1. EJB Modules
        2. 3.2.2. Web Modules
        3. 3.2.3. Application Client Modules
      3. 3.3. Secure Interoperability between ORBs
      4. 3.4. Connectors
      5. 3.5. JMS
      6. 3.6. Simple E-Business Request Flow
      7. 3.7. J2EE Platform Roles
        1. 3.7.1. Application Component Provider
          1. 3.7.1.1. Access of Resources in the Underlying Operating System
          2. 3.7.1.2. Security Recommendations
          3. 3.7.1.3. Programmatic Access to the Caller's Security Context
          4. 3.7.1.4. Conveying the Use of Role References
        2. 3.7.2. Application Assembler
          1. 3.7.2.1. Defining EJB Method Permissions
          2. 3.7.2.2. Defining Web Resources Security Constraints
          3. 3.7.2.3. Declaring Security Roles within a J2EE Application
        3. 3.7.3. Deployer
          1. 3.7.3.1. Reading the Security View of the J2EE Application
          2. 3.7.3.2. Configuring the Security Domain
          3. 3.7.3.3. Assigning of Principals to Security Roles
          4. 3.7.3.4. Configuring Principal Delegation
        4. 3.7.4. System Administrator
          1. 3.7.4.1. Administering the Security Domain
          2. 3.7.4.2. Assigning Application Roles to Users and Groups
        5. 3.7.5. J2EE Product Provider
          1. 3.7.5.1. Supplying Deployment Tools
          2. 3.7.5.2. Configuring Security Domains
          3. 3.7.5.3. Supplying Mechanisms to Enforce Security Policies
          4. 3.7.5.4. Providing Tools for Principal Delegation
          5. 3.7.5.5. Providing Access to the Caller's Security Context
          6. 3.7.5.6. Supplying Runtime Security Enforcement
          7. 3.7.5.7. Providing a Security Audit Trail
      8. 3.8. J2EE Security Roles
      9. 3.9. Declarative Security Policies
        1. 3.9.1. Login-Configuration Policy
          1. 3.9.1.1. Authentication Method in Login Configuration
          2. 3.9.1.2. Secure-Channel Constraint
        2. 3.9.2. Authorization Policy
        3. 3.9.3. Delegation Policy
        4. 3.9.4. Connection Policy
      10. 3.10. Programmatic Security
        1. 3.10.1. Retrieving Identity Information
          1. 3.10.1.1. From a Servlet or JSP File
          2. 3.10.1.2. From an Enterprise Bean
        2. 3.10.2. Proactive Authorization
          1. 3.10.2.1. From a Servlet or JSP File
          2. 3.10.2.2. From an Enterprise Bean
        3. 3.10.3. Application-Managed Sign-On to an EIS
      11. 3.11. Secure Communication within a WAS Environment
      12. 3.12. Secure E-Business Request Flow
    2. 4. Servlet and JSP Security
      1. 4.1. Introduction
        1. 4.1.1. Java Servlets
        2. 4.1.2. JSP Technology
      2. 4.2. Advantages of Servlets
      3. 4.3. Servlet Life Cycle
      4. 4.4. The Deployment Descriptor of a Web Module
      5. 4.5. Authentication
        1. 4.5.1. Login-Configuration Policy
          1. 4.5.1.1. HTTP Authentication Method
          2. 4.5.1.2. Form-Based Authentication Method
          3. 4.5.1.3. Certificate-Based Authentication Method
        2. 4.5.2. Single Sign-On
      6. 4.6. Authorization
        1. 4.6.1. Invocation Chain
        2. 4.6.2. Protecting a Specific URL
        3. 4.6.3. Protecting a URL Pattern
          1. 4.6.3.1. URL Path-Prefix Protection
          2. 4.6.3.2. URL Extension Protection
        4. 4.6.4. Protecting from Everyone
        5. 4.6.5. Understanding the Precedence Rules
        6. 4.6.6. Data Constraints—Only over SSL!
      7. 4.7. Principal Delegation
      8. 4.8. Programmatic Security
        1. 4.8.1. Principal Information
        2. 4.8.2. Authorization Information
        3. 4.8.3. SSL Attribute Information: Certificates and Cipher Suites
        4. 4.8.4. Programmatic Login
      9. 4.9. Runtime Restrictions for Web Components
      10. 4.10. Usage Patterns
        1. 4.10.1. Using HTTPS to Connect to External HTTP Servers
        2. 4.10.2. Maintaining the State Securely
          1. 4.10.2.1. HTTP Cookies
          2. 4.10.2.2. HTTP and SSL Sessions
        3. 4.10.3. Pre- and Post-Servlet Processing
      11. 4.11. Partitioning Web Applications
    3. 5. EJB Security
      1. 5.1. Introduction
      2. 5.2. EJB Roles and Security
        1. 5.2.1. Enterprise Bean Provider
          1. 5.2.1.1. Communicating with an Enterprise Bean
          2. 5.2.1.2. Scenario
          3. 5.2.1.3. Security APIs for Enterprise Beans
          4. 5.2.1.4. EJB Runtime Restrictions
        2. 5.2.2. Application Assembler
          1. 5.2.2.1. EJB Security Roles
          2. 5.2.2.2. EJB Method Authorizations
          3. 5.2.2.3. Linking EJB Security Roles to Role References
          4. 5.2.2.4. EJB Principal Delegation
        3. 5.2.3. Deployer
        4. 5.2.4. System Administrator
        5. 5.2.5. EJB Container Provider
      3. 5.3. Authentication
      4. 5.4. Authorization
      5. 5.5. Delegation
      6. 5.6. Security Considerations
    4. 6. Enterprise Java Security Deployment Scenarios
      1. 6.1. Planning a Secure-Component System
        1. 6.1.1. Client Access
        2. 6.1.2. Presentation Layer
          1. 6.1.2.1. Static Content
          2. 6.1.2.2. Dynamic Content
        3. 6.1.3. Business Logic
        4. 6.1.4. Resource Adapters and Legacy Applications
      2. 6.2. Deployment Topologies
        1. 6.2.1. Entry Level
        2. 6.2.2. Clustered Environment
        3. 6.2.3. Adding Another Level of Defense
        4. 6.2.4. Defending with a Secure Caching Reverse Proxy Server
      3. 6.3. Secure Communication Channel
        1. 6.3.1. HTTP Connections
        2. 6.3.2. IIOP Connections
        3. 6.3.3. JMS Connections
        4. 6.3.4. Connections to Non-J2EE Systems
        5. 6.3.5. Exploring Other Options
      4. 6.4. Security Considerations
  7. III. The Foundations of Java 2 Security
    1. 7. J2SE Security Fundamentals
      1. 7.1. Access to Classes, Interfaces, Fields, and Methods
      2. 7.2. Class Loaders
        1. 7.2.1. Security Responsibilities of the Class-Loading Mechanism
        2. 7.2.2. Levels of Trustworthiness of Loaded Classes
          1. 7.2.2.1. Loading Classes from Trusted Sources
          2. 7.2.2.2. Loading Classes from Untrusted Sources
            1. Application Classes
            2. Extension Classes
            3. Classes from Remote Network Locations
        3. 7.2.3. The Class-Loading Process
          1. 7.2.3.1. Enforcing the Correct Search Order: The Design
          2. 7.2.3.2. The Class-Loading Delegation Hierarchy: The Implementation
        4. 7.2.4. Building a Customized ClassLoader
      3. 7.3. The Class File Verifier
        1. 7.3.1. The Duties of the Class File Verifier
        2. 7.3.2. The Four Passes of the Class File Verifier
          1. 7.3.2.1. File-Integrity Check
          2. 7.3.2.2. Class-Integrity Check
          3. 7.3.2.3. Bytecode-Integrity Check
          4. 7.3.2.4. Runtime Integrity Check
        3. 7.3.3. The Bytecode Verifier in Detail
        4. 7.3.4. An Example of Class File Verification
      4. 7.4. The Security Manager
        1. 7.4.1. What the SecurityManager Does
        2. 7.4.2. Operation of the SecurityManager
        3. 7.4.3. Types of Attack
          1. 7.4.3.1. Infiltrating Local Classes
          2. 7.4.3.2. Type Confusion
          3. 7.4.3.3. Network Loopholes
          4. 7.4.3.4. JavaScript Back Doors
        4. 7.4.4. Malicious Code
          1. 7.4.4.1. Cycle Stealing
          2. 7.4.4.2. Impersonation
        5. 7.4.5. SecurityManager Extensions
          1. 7.4.5.1. Ignoring Policy
          2. 7.4.5.2. Logging
          3. 7.4.5.3. Enforcing Password-Based Protection
      5. 7.5. Interdependence of the Three Java Security Legs
      6. 7.6. Summary
    2. 8. The Java 2 Permission Model
      1. 8.1. Overview of the Java 2 Access-Control Model
        1. 8.1.1. Lexical Scoping of Privilege Modifications
        2. 8.1.2. Java 2 Security Tools
          1. 8.1.2.1. The jar Utility
          2. 8.1.2.2. The keytool Utility
          3. 8.1.2.3. The jarsigner Utility
          4. 8.1.2.4. The Policy Tool
        3. 8.1.3. JAAS
      2. 8.2. Java Permissions
        1. 8.2.1. Permission Target and Actions
        2. 8.2.2. The PermissionCollection and Permissions Classes
        3. 8.2.3. The implies() Method in the Permission Class
        4. 8.2.4. The implies() Method in PermissionCollection and Permissions
        5. 8.2.5. Permissions Implicitly Equivalent to AllPermission
      3. 8.3. Java Security Policy
        1. 8.3.1. Combining Multiple Signers
        2. 8.3.2. Multiple Policy Files, One Active Policy
      4. 8.4. The Concept of CodeSource
      5. 8.5. ProtectionDomains
        1. 8.5.1. The implies() Method in the ProtectionDomain Class
        2. 8.5.2. System Domain and Application Domains
        3. 8.5.3. Relation between Classes, ProtectionDomains, and Permissions
      6. 8.6. The Basic Java 2 Access-Control Model
        1. 8.6.1. Scenario: Simple Check of the Current Thread
        2. 8.6.2. SecurityManager and AccessController
      7. 8.7. Privileged Java 2 Code
        1. 8.7.1. Security Recommendations on Making Code Privileged
        2. 8.7.2. How to Write Privileged Code
        3. 8.7.3. Privileged-Code Scenario
      8. 8.8. ProtectionDomain Inheritance
      9. 8.9. Performance Issues in the Java 2 Access-Control Model
        1. 8.9.1. Removal of Duplicate ProtectionDomains
        2. 8.9.2. Filtering Out of the System Domain
        3. 8.9.3. Verification Stopped at the First Privileged Stack Frame
      10. 8.10. Summary
    3. 9. Authentication and Authorization with JAAS
      1. 9.1. Overview of JAAS and JAAS Terminology
      2. 9.2. Authentication
        1. 9.2.1. Pluggable Authentication via LoginModules
        2. 9.2.2. JAAS LoginModule Examples
          1. 9.2.2.1. First Scenario
          2. 9.2.2.2. Second Scenario
          3. 9.2.2.3. Third Scenario
      3. 9.3. Authorization Overview
        1. 9.3.1. A Brief Review of J2SE ProtectionDomain-Based Authorization
        2. 9.3.2. Adding a Subject to a Thread
          1. 9.3.2.1. Fourth Scenario
        3. 9.3.3. Security Authorization Policy File
        4. 9.3.4. Examples of the Subject-Based Authorization Algorithm
          1. 9.3.4.1. Fifth Scenario
        5. 9.3.5. Additional Observations about JAAS
      4. 9.4. JAAS and J2EE
        1. 9.4.1. Web Application Servers Executing in Various JVMs
        2. 9.4.2. JAAS Subject in a J2EE Environment
        3. 9.4.3. Bridging the Gap
        4. 9.4.4. Enterprise Security Policy Management
      5. 9.5. Additional Support for Pluggable Authentication
  8. IV. Enterprise Java and Cryptography
    1. 10. The Theory of Cryptography
      1. 10.1. The Purpose of Cryptography
      2. 10.2. Secret-Key Cryptography
        1. 10.2.1. Algorithms and Techniques
          1. 10.2.1.1. Substitutions and Transpositions
          2. 10.2.1.2. The XOR Operation
          3. 10.2.1.3. Stream Ciphers
          4. 10.2.1.4. Block Ciphers
            1. Feistel Ciphers
            2. DES
            3. Triple-DES
            4. IDEA
            5. Rijndael
          5. 10.2.1.5. Modes of Operation
            1. ECB
            2. CBC
        2. 10.2.2. Secret-Key Security Attributes
          1. 10.2.2.1. Key Space
          2. 10.2.2.2. Confidentiality
          3. 10.2.2.3. Nonrepudiation
          4. 10.2.2.4. Data Integrity and Data-Origin Authentication
      3. 10.3. Public-Key Cryptography
        1. 10.3.1. Algorithms and Techniques
          1. 10.3.1.1. RSA
            1. Basic RSA Concepts
            2. How the RSA Algorithm Works
            3. Security Considerations
          2. 10.3.1.2. Diffie-Hellman
            1. Basic DH Concepts
            2. How the DH Algorithm Works
            3. Security Considerations
          3. 10.3.1.3. Elliptic Curve
            1. Basic Elliptic-Curve Concepts
            2. The Elliptic-Curve Algorithm
            3. Security Considerations
        2. 10.3.2. Public-Key Security Attributes
          1. 10.3.2.1. Confidentiality
          2. 10.3.2.2. Data Integrity, Data-Origin Authentication, and Nonrepudiation
        3. 10.3.3. Digital Signatures
          1. 10.3.3.1. RSA Signature
          2. 10.3.3.2. DSA Signature
        4. 10.3.4. Digital Certificates
        5. 10.3.5. Key Distribution
    2. 11. The Java 2 Platform and Cryptography
      1. 11.1. The JCA and JCE Frameworks
        1. 11.1.1. Terms and Definitions
        2. 11.1.2. The Principles of JCA and JCE
          1. 11.1.2.1. Implementation Independence
          2. 11.1.2.2. Implementation Interoperability
          3. 11.1.2.3. Algorithm Independence
          4. 11.1.2.4. Algorithm Extensibility
        3. 11.1.3. JCA and JCE Providers
          1. 11.1.3.1. Design
          2. 11.1.3.2. Implementation
          3. 11.1.3.3. Configuration and Management
            1. Copy the Provider Package
            2. Configure the Provider
        4. 11.1.4. Engine and SPI Classes
      2. 11.2. The JCA API
        1. 11.2.1. The java.security.SecureRandom Class
        2. 11.2.2. The java.security.Key Interface
        3. 11.2.3. The PublicKey and PrivateKey Interfaces in Package java.security
        4. 11.2.4. The java.security.KeyFactory Class
        5. 11.2.5. The java.security.KeyPair Class
        6. 11.2.6. The java.security.KeyPairGenerator Class
        7. 11.2.7. The java.security.KeyStore Class
        8. 11.2.8. The java.security.MessageDigest Class
        9. 11.2.9. The java.security.Signature Class
        10. 11.2.10. The AlgorithmParameters and AlgorithmParameterGenerator Classes in Package java.security
        11. 11.2.11. The java.security.SignedObject Class
        12. 11.2.12. The java.security.spec Package
        13. 11.2.13. The java.security.cert Package
        14. 11.2.14. The java.security.interfaces Package
      3. 11.3. The JCE API
        1. 11.3.1. The javax.crypto.Cipher Class
        2. 11.3.2. The CipherInputStream and CipherOutputStream Classes in the javax.crypto Package
        3. 11.3.3. The javax.crypto.SecretKey Interface
        4. 11.3.4. The javax.crypto.spec.SecretKeySpec Class
        5. 11.3.5. The javax.crypto.KeyGenerator Class
        6. 11.3.6. The javax.crypto.SecretKeyFactory Class
        7. 11.3.7. The javax.crypto.SealedObject Class
        8. 11.3.8. The javax.crypto.KeyAgreement Class
        9. 11.3.9. The javax.crypto.Mac Class
      4. 11.4. JCE in Practice
        1. 11.4.1. Bob's Program
        2. 11.4.2. Alice's Program
      5. 11.5. Security Considerations
    3. 12. PKCS and S/MIME in J2EE
      1. 12.1. PKCS Overview
        1. 12.1.1. PKCS#1: RSA Cryptography Standard
        2. 12.1.2. PKCS#5: Password-Based Cryptography Standard
        3. 12.1.3. PKCS#7: Cryptographic Message Syntax Standard
        4. 12.1.4. PKCS#8: Private-Key Information Syntax Standard
        5. 12.1.5. PKCS#9: Selected Attribute Types
        6. 12.1.6. PKCS#10: Certification Request Syntax Standard
        7. 12.1.7. PKCS#12: Personal Information Exchange Syntax Standard
      2. 12.2. S/MIME Overview
      3. 12.3. Signing and Verifying Transactions with PKCS and S/MIME
        1. 12.3.1. Considerations on the PKCS#7 Standard
        2. 12.3.2. Using PKCS and S/MIME
      4. 12.4. Encrypting Transactions with PKCS and S/MIME
      5. 12.5. Security Considerations
      6. 12.6. Future Directions
    4. 13. The SSL and TLS Protocols in a J2EE Environment
      1. 13.1. The SSL and TLS Protocols
        1. 13.1.1. The Record Protocol
        2. 13.1.2. The Handshake Protocol
      2. 13.2. HTTPS
      3. 13.3. Using the SSL Support Built into J2EE Products
        1. 13.3.1. SSL to Protect User ID and Password during Authentication
        2. 13.3.2. SSL in Certificate-Based Authentication
        3. 13.3.3. Reverse Proxy Server and WAS Mutual Authentication
        4. 13.3.4. SSL in Cookie-Based Single Sign-On
        5. 13.3.5. Single Sign-On with Certificate-Based Authentication
        6. 13.3.6. SSL to Protect the Communication Channel
      4. 13.4. Using SSL from within J2EE Programs
        1. 13.4.1. JSSE
        2. 13.4.2. Trust Managers
        3. 13.4.3. Truststores
      5. 13.5. Examples
        1. 13.5.1. Basic Scenario without SSL
        2. 13.5.2. Scenarios with SSL
          1. 13.5.2.1. Scenario with No Authentication
          2. 13.5.2.2. Scenario with SSL Server Authentication
          3. 13.5.2.3. Scenario with Both SSL Server and Client Authentication
      6. 13.6. Summary
  9. V. Advanced Topics
    1. 14. Enterprise Security for Web Services
      1. 14.1. XML
      2. 14.2. SOAP
      3. 14.3. WSDL
      4. 14.4. Security for Web Services: Motivations
      5. 14.5. Security Technologies
        1. 14.5.1. XML and Cryptography
        2. 14.5.2. WS-Security
      6. 14.6. Web Services Security Model Principles
        1. 14.6.1. Web Services Message Security
        2. 14.6.2. WS-Policy
        3. 14.6.3. WS-Trust
        4. 14.6.4. WS-SecureConversation
        5. 14.6.5. WS-Privacy
        6. 14.6.6. WS-Federation
        7. 14.6.7. WS-Authorization
        8. 14.6.8. Example
      7. 14.7. Application Patterns
      8. 14.8. Use Scenario
      9. 14.9. Web Services Provider Security
        1. 14.9.1. User Authentication
        2. 14.9.2. Authorization Enforcement
      10. 14.10. Security Considerations
      11. 14.11. Futures
    2. 15. Security Considerations for Container Providers
      1. 15.1. Understanding the Environment
      2. 15.2. Authentication
        1. 15.2.1. Authentication Mechanisms
        2. 15.2.2. Using JAAS LoginModules
        3. 15.2.3. User Information
        4. 15.2.4. Single Sign-On
      3. 15.3. Authorization
      4. 15.4. Secure Communication
        1. 15.4.1. Using JSSE
        2. 15.4.2. Client Certificates
      5. 15.5. Secure Association
      6. 15.6. Access to System Resources
      7. 15.7. Mapping Identities at Connector Boundaries
    3. 16. Epilogue
  10. VI. Appendixes
    1. A. Security of Distributed Object Architectures
      1. A.1. RMI
      2. A.2. Stubs and Skeletons
      3. A.3. RMI Registry
      4. A.4. The Security of RMI
    2. B. X.509 Digital Certificates
      1. B.1. X.509 Certificate Versions
    3. C. Technical Acronyms Used in This Book
      1. A
      2. B
      3. C
      4. D
      5. E
      6. F
      7. G
      8. H
      9. I
      10. J
      11. K
      12. L
      13. M
      14. N
      15. O
      16. P
      17. Q
      18. R
      19. S
      20. T
      21. U
      22. V
      23. W
      24. X
    4. D. Sources Used in This Book