Module 7 Security and Transactions
Security and Transactions
  Topics to be Covered:
    –Security and the Enterprise
    –Transactions
Security and Transactions Security and the Enterprise
Security Issues
  Hermetically sealed vs. networked environment
  Executable content on the Web
  Security on the browser
  Security in the enterprise
  Security on the network
    –author authentication
    –data authentication
Security Requirements
  Authenticity
    –identification mechanism
  Integrity
    –unaltered messages
  Non-repudiation
    –certainty in authorization
  Confidentiality
    –secure communications
Java Virtual Machine Security
  Indirect execution
  Language features
  Protection domains
  (Diagram labels: class, Bytecode Verifier, Class Loader, Security Manager/Access Controller, O.S.)
JVM Access Control Evolution
  Java sandbox
  Applet security
    –SecurityManager enforces
  Digital signatures
  Policy
    –Permissions
    –CodeSource
    –AccessController enforces
  (Diagram labels: Class from xyz.com signed by JJInc., Permissions)
Enterprise JavaBean Security
  Authentication
    –Validates the identity of the user
    –Login screen
    –Basic, Digest, Form-Based
  Authorization
    –Access Control
  Confidentiality and Integrity Protection
    –Secure Communication
      SSL (key exchange)
      Encryption
Authentication through JNDI
  Every client application must be associated with a security identity
    –users
    –roles

    // Pass the caller's identity to the container through the JNDI environment
    java.util.Properties properties = new java.util.Properties();
    properties.put(javax.naming.Context.SECURITY_PRINCIPAL, user);
    properties.put(javax.naming.Context.SECURITY_CREDENTIALS, password);
    javax.naming.Context jndiContext = new javax.naming.InitialContext(properties);
    // Look up the secured bean's home and narrow it to the expected type
    Object ref = jndiContext.lookup("java:comp/env/ejb/RoomEJB");
    RoomHomeRemote home = (RoomHomeRemote)
        javax.rmi.PortableRemoteObject.narrow(ref, RoomHomeRemote.class);
Role-Driven Access Control
  Deployment descriptors describe authorization information based on logical roles
  Logical roles mapped to real security roles during actual deployment
    This role represents a merchant authorized to make payments on the system
    AUTHORIZED_MERCHANT
Method Permissions
  Bean method access is associated with logical roles
    AUTHORIZED_MERCHANT
    ProcessPaymentBean byCredit
Unchecked methods
  Security Permissions not checked
  Used instead of
    ProcessPaymentBean byCash
Method Permissions
    public class ProcessPaymentBean
            implements ProcessPaymentRemote, ProcessPaymentLocal {
        ………
        public boolean byCredit(Customer cust, CreditCardDO card, double amount)
                throws PaymentException {………}
        private boolean process( ……… ) {………}
Method Permissions with Annotations
        public boolean byCash(Customer cust, double amount)
                throws PaymentException {………}
        public boolean byCheck(Customer cust, CheckDO check, double amount) {………}
    }
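The method-permission and unchecked-method slides above, written out with the standard security annotations. This is an added example, not the course's own code: the parameter types are simplified stand-ins for Customer, CreditCardDO and CheckDO, and the CLERK role and its check limit are hypothetical.

```java
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

// Added example. CLERK and CLERK_CHECK_LIMIT are hypothetical; parameter
// types are simplified so the class compiles against the EJB API alone.
@Stateless
@DeclareRoles({"AUTHORIZED_MERCHANT", "CLERK"})
@RolesAllowed("AUTHORIZED_MERCHANT") // default for every business method
public class ProcessPaymentBean {

    private static final double CLERK_CHECK_LIMIT = 500.00; // assumed policy

    @Resource
    private SessionContext ctx; // gives access to the caller's identity

    // Inherits the class-level role: the container throws
    // EJBAccessException for any other caller before this body runs.
    public boolean byCredit(String customerId, String cardNumber, double amount) {
        return process(customerId, amount);
    }

    // Equivalent of an unchecked method: every caller role is permitted.
    @PermitAll
    public boolean byCash(String customerId, double amount) {
        return process(customerId, amount);
    }

    // Two roles may call this, but the amount rule cannot be expressed
    // declaratively, so it is enforced in code with isCallerInRole().
    @RolesAllowed({"AUTHORIZED_MERCHANT", "CLERK"})
    public boolean byCheck(String customerId, String checkNumber, double amount) {
        if (amount > CLERK_CHECK_LIMIT && !ctx.isCallerInRole("AUTHORIZED_MERCHANT")) {
            throw new EJBAccessException("check amount exceeds CLERK limit for "
                    + ctx.getCallerPrincipal().getName());
        }
        return process(customerId, amount);
    }

    // Private helper: not a business method, so clients cannot invoke it.
    private boolean process(String customerId, double amount) {
        return customerId != null && amount > 0; // input validation only
    }
}
```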
The runAs security identity
  Specifies under which identity the EJB will run when it calls other methods
    ... TravelAgentBean ... AUTHORIZED_MERCHANT
The runAs
    public class TravelAgentBean implements TravelAgentRemote {
        ………
    }
Running as the Caller
  Specifies the EJB will run under the caller’s identity
    ... EmployeeService ...
Security Identity and MDBs
  Message-driven beans have only a runAs identity
    –For MDBs, there is no “caller”
  Clients that send messages to MDBs are not associated with the messages
  Caller identity does not propagate
  Message-driven beans must always specify a runAs security identity if they interact with other secured session beans
Security and Transactions Transactions
Software Transactions
  Embody the concept of a commercial exchange
  Execution of a unit of work
    –Must perform reliably 100% of the time
  Atomic
    –Execute completely or not at all
  Consistent
    –Integrity of underlying data store
  Isolated
    –Data cannot be interfered with externally
  Durable
    –Retain information if system crashes
Declarative Transaction Management
  Transactions not hard-coded into business logic
  Reduces complexity of transactions for developers
  Controlled by annotation or the deployment descriptor
  Transactions can be set for specific methods
Transaction Scope
  Session EJBs and Entities participating in a transaction
  TravelAgentEJB
    –bookReservation() method
      Creates Reservation Entity
      Uses ProcessPayment EJB
  EJB Unit of Work
    –Every EJB method invoked in a transaction
  Transaction propagated to every EJB & the entity manager within the transaction scope
  Dependent on EJB transaction attributes
Transaction Attributes
  Not Supported
    –Transaction scope (TS) is not propagated
  Supports
    –TS propagated if invoked by a transactional client
    –No TS if invoked by a nontransactional client
  Required
    –TS propagated if invoked by a transactional client
    –New TS started if invoked by a nontransactional client
Transaction Attributes
  RequiresNew
    –New TS always started
  Mandatory
    –TS propagated if invoked by a transactional client
    –Invocation fails if invoked by a nontransactional client
  Never
    –No TS allowed
    –Invocation fails if invoked by a transactional client
    –Invocation OK if invoked by a nontransactional client
element
    …
    TravelAgentEJB * NotSupported
    TravelAgentEJB bookPassage Required
    …
    public class TravelAgentBean implements TravelAgentRemote {
        public void setCustomer(Customer cust) {……}
        public TicketDO bookReservation(CreditCardDO card, double price) {……}
        ………
    }
Transaction Propagation
  (Diagram labels: Client Application; ProcessPayment EJB, Required; TravelAgent EJB, RequiresNew; Reservation EJB, Required; bookReservation())
Transaction Isolation
  The “I” in ACID
    –Data within a transaction is unaffected by other parts of the system
  Dirty Read
    –Reading uncommitted changes
  Repeatable Reads
    –Identical data reads during same transaction despite changes in existing records from a different transaction
  Phantom Reads
    –Different data reads during same transaction because of new records added by a different transaction
Transaction Isolation Levels
  TRANSACTION_NONE
    –Transactions disabled or unsupported
  TRANSACTION_READ_UNCOMMITTED
    –Dirty, nonrepeatable, phantom reads occur
  TRANSACTION_READ_COMMITTED
    –Nonrepeatable, phantom reads occur
  TRANSACTION_REPEATABLE_READ
    –Phantom reads occur
  TRANSACTION_SERIALIZABLE
    –Dirty, nonrepeatable, phantom reads prevented
Explicit Transaction Management
  Not generally recommended
  Java Transaction API (JTA)
    –Provides transactional interface javax.transaction.UserTransaction

    // Get the user transaction
    javax.transaction.UserTransaction tran = …;
    tran.begin();
    travelagent1.bookReservation();
    travelagent2.bookReservation();
    tran.commit();
Obtaining a UserTransaction Object
  Java EE Client

    Context ic = new InitialContext();
    UserTransaction ut = (UserTransaction)
        ic.lookup("java:comp/env/UserTransaction");
Obtaining a UserTransaction Object
  Session Beans
    –Declaring Bean

    BEAN)
    public class XBean implements XBeanLocal { … }
Obtaining a UserTransaction Object
  Session Beans

    SessionContext sessionContext;
    UserTransaction ut = sessionContext.getUserTransaction();
    ut.begin();

    UserTransaction
    public class XBean implements XBeanLocal { … }
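The explicit-transaction slides show begin() and commit() but not the failure path. The following added example (not the course's own code) shows a bean-managed transaction that rolls back when either unit of work fails; BookingBatchBean, Booking and the 30-second timeout are hypothetical.

```java
import javax.annotation.Resource;
import javax.ejb.Stateless;
import javax.ejb.TransactionManagement;
import javax.ejb.TransactionManagementType;
import javax.transaction.Status;
import javax.transaction.UserTransaction;

// Added example: bean-managed transaction demarcation with rollback handling.
// BookingBatchBean and Booking are hypothetical names, not from the slides.
@Stateless
@TransactionManagement(TransactionManagementType.BEAN)
public class BookingBatchBean {

    /** Hypothetical unit of work, for example one bookReservation() call. */
    public interface Booking {
        void run() throws Exception;
    }

    @Resource
    private UserTransaction ut; // injected by the container for BMT beans

    /** Runs both bookings in one transaction: both commit or neither does. */
    public void bookBoth(Booking first, Booking second) throws Exception {
        ut.setTransactionTimeout(30); // seconds; applies to the next begin()
        ut.begin();
        try {
            first.run();
            second.run();
            ut.commit();
        } catch (Exception e) {
            // If commit() itself failed, the transaction may already be gone;
            // roll back only while one is still associated with this thread.
            if (ut.getStatus() != Status.STATUS_NO_TRANSACTION) {
                ut.rollback();
            }
            throw e; // let the caller see why the unit of work failed
        }
    }
}
```

A stateless bean must finish the transaction in the same method that began it, which is why both commit and rollback sit inside bookBoth().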
Stateful Session Synchronization
  (State diagram labels: Does Not Exist, Method-Ready, Passive, Transactional Method-Ready)
SessionSynchronization
    public interface javax.ejb.SessionSynchronization {
        public abstract void afterBegin();
        public abstract void beforeCompletion();
        public abstract void afterCompletion(boolean committed);
    }
Transactional Method-Ready State
  (State diagram labels: Method-Ready; Transactional Method-Ready; afterBegin(); Transactional Business Methods; beforeCompletion(); afterCompletion(true) OR afterCompletion(false))