JBoss Community

AS8: JBoss Security Manager Implementation Plan

created by Anil Saldhana in JBoss AS 7 Development

This wiki article proposes an implementation plan for the security manager related changes in JBoss AS8.

Background

Please follow https://community.jboss.org/wiki/AS8JBossSecurityManagerDiscussion for some background information.

The goal is to move away from the historic single global policy file approach and adapt the Java Security Manager infrastructure in AS8 to a more modular one.

Approach

  • We will have a security manager subsystem to define the global permission collection that modules inherit by default.
  • module.xml can define the permission collection that governs the module. This is what the ModuleClassLoader will return to the security manager when asked for a permission collection.
  • EE deployments can ship META-INF/permissions.xml (as per EE7). The deployment permissions need to be merged into the module level permissions.

Security Manager and Policy Implementation

The JVM can run under a Java Security Manager via two options:

  • Pass -Djava.security.manager as a command line option
  • Programmatically, call System.setSecurityManager(securityManager)

So we have two options to start the security manager in AS8. (I personally like the programmatic option that will let the JVM and JBoss Modules system start up before the security manager is put into operation.)

Command Line Option

When we use the command line option, the default security manager implementation (which uses the Sun PolicyFile implementation) will use the java.policy file from the jre/lib/security folder of the JVM to construct the permissions that the JVM has while starting up. This takes care of the JVM starting up.

We will also need to bootstrap the JBoss Modules system, so we have to think about providing the permissions for jboss-modules.jar.

The easiest way to achieve this is to add an entry to the java.policy file, or to have a single entry in a policy file within the AS8 folders and mandate that users not add or delete anything in this file. This will get the JBoss Modules system started.

Once the module system is started, we will use the programmatic option described below.

Programmatic Option

There will be a security manager subsystem defined in the domain model. It will have a flag called enable, which by default will be false. If the user configures the enable flag to true, the server will call System.setSecurityManager() if System.getSecurityManager() == null.

The security manager subsystem can define the permission block used by default by the module class loader.
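As an added illustration (not from this article and not JBoss code), a Policy that merges the subsystem's default collection with per-module grants, here looked up by class loader as a stand-in for what a ModuleClassLoader would return, and installed only when the enable flag is set and no manager is already present. It needs -Djava.security.manager=allow on JDK 18 and later, and JDK 24 permanently disables the Security Manager.

```java
import java.security.*;
import java.util.*;

/** Added sketch, not JBoss code: subsystem defaults merged with per-module grants. */
public class ModularPolicyBootstrap {
    /** Grants every domain the subsystem defaults plus whatever its module declared. */
    static final class ModularPolicy extends Policy {
        private final PermissionCollection defaults;                   // subsystem default block
        private final Map<ClassLoader, PermissionCollection> byModule;  // stand-in for module.xml data

        ModularPolicy(PermissionCollection defaults, Map<ClassLoader, PermissionCollection> byModule) {
            this.defaults = defaults;
            this.byModule = byModule;
        }
        @Override
        public PermissionCollection getPermissions(ProtectionDomain domain) {
            Permissions merged = new Permissions();
            addAll(merged, defaults);
            PermissionCollection module = byModule.get(domain.getClassLoader());
            if (module != null) addAll(merged, module); // permissions.xml would be merged the same way
            return merged;                              // the default Policy.implies() consults this per domain
        }
        private static void addAll(Permissions target, PermissionCollection source) {
            for (Enumeration<Permission> e = source.elements(); e.hasMoreElements();) {
                target.add(e.nextElement());
            }
        }
    }

    /** The plan's rule: install only when enable=true and no manager is already present. */
    static void enableSecurityManager(boolean enable, Policy policy) {
        if (enable && System.getSecurityManager() == null) {
            Policy.setPolicy(policy);
            System.setSecurityManager(new SecurityManager());
        }
    }

    public static void main(String[] args) {
        Permissions defaults = new Permissions();
        defaults.add(new PropertyPermission("java.version", "read"));          // constructed default grant
        Permissions moduleGrants = new Permissions();
        moduleGrants.add(new java.io.FilePermission("/tmp/-", "read"));       // constructed module grant
        Map<ClassLoader, PermissionCollection> byModule = new HashMap<>();
        byModule.put(ModularPolicyBootstrap.class.getClassLoader(), moduleGrants);
        enableSecurityManager(true, new ModularPolicy(defaults, byModule));
        System.out.println(System.getProperty("java.version"));    // allowed by the default grant
        System.out.println(new java.io.File("/tmp/x").canRead());   // allowed by the module grant
    }
}
```

Reading any other system property or file from this class would fail with an AccessControlException, which is the behaviour the module level permission collection is meant to enforce.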