Integrating with Java 2 Security

When running under Java 2, the ORB protects the following of its APIs using the Java 2 Permissions framework so that only the codebases that have sufficient permissions can successfully invoke them.
Permission Classes
Name
Actions
com.sssw.jbroker.ORBPermission
"create"
"shutdown"
-
com.sssw.jbroker.InitialReferencesPermission
Initial Reference name
OR
"*" (any name)
"write"
com.sssw.jbroker.TransactionServicePermission
TransactionService Class name
"identify"
com.sssw.jbroker.POAPermission
"create"
"destroy"
"manage"
-
com.sssw.jbroker.SecurityServicePermission
"setContext"
"unsetContext"
"setPrincipal"*
"unsetPrincipal"*
"thread"
"orb"
com.sssw.jbroker.NameServicePermission
"create"
"transient"
"persistent"
com.sssw.jbroker.SSLPermission
"enableTLS"
"enableV2"
"addClientHandler"
"addServerHandler"
"addCertChain"
"addCACert"
"setCipherSuites"
-
ORB specific Java 2 Permissions.(* = deprecated)
Note: To run with Java 2 security turned ON, you need to install the ORB as a Java 2 Extension. The ORB is installed as a Java 2 extension in the JRE that ships with the Novell exteNd Messaging Platform.
Here is a brief description of each ORB permission.

ORB Permission

The two ORB permissions are - create, and shutdown. The caller needs to have the create ORB permission to be able to create an instance of the (non-singleton) ORB. This permission is checked when ORB.init is called for creating a non-singleton application ORB. The shutdown ORB permission is checked when the orb.shutdown method is called.

InitialReferences Permission

The InitialReferencesPermission is used to protect the reading/writing of initial references. The name of the permission is either the name of the initial object reference or "*", which represents all initial object names. The two actions that are supported are - read, and write. The permission for the read action is checked when ORB.resolve_initial_references is called. The permission for write action is checked when the bind method on the InitialReferencesService (IRS) is called.

Transaction Service Permission

The TransactionService permission is used to specify the Java Class name that can be instantiated as a Transaction Service and identified to the TSIdentification interface.

POA Permission

The POA permissions protect the creation, destruction, and management (via the POA Manager) of POA instances. Three names defined are - create, destroy, and manage, which are checked whan POA.create_POA, POA.destroy, and POA.the_POAManager methods are called respectively.

SecurityService Permission

The SecurityService Permissions are checked to ensure that only trusted code can set/get thread/ORB level SecurityContexts.

NameService Permission

The NameService permissions are checked before the NameServiceFactory can create a transient or a persistent NameService instance.

SSL Permission

The various SSL Permissions protect the methods in the CertificateManager Interface.

Example Security Policy File

A security file similar to one below is used by the ORB examples. See security.policy file for your installation of the ORB.
 
//
// Java 2 Security Policy file for ORB examples
//

// permissions for ORB examples
grant codebase "file:/opt/jbrokerORB40/examples/lib-"
{
    permission java.io.FilePermission
        "/home/user1/jbroker21/examples/-", "read, write";

    permission java.net.SocketPermission
        "*:1024-","listen, connect, accept, resolve";
    permission java.net.SocketPermission
        "230.0.0.1","connect, accept, resolve";

    permission java.util.PropertyPermission
        "java.naming.factory.initial", "read";

    permission com.sssw.jbroker.ORBPermission "create";
    permission com.sssw.jbroker.ORBPermission "shutdown";

    permission com.sssw.jbroker.InitialReferencesPermission
        "*", "read";
    permission com.sssw.jbroker.InitialReferencesPermission
        "NameService", "read, write";

    permission com.sssw.jbroker.SecurityServicePermission
        "setContext", "thread, orb";
    permission com.sssw.jbroker.SecurityServicePermission
        "unsetContext", "thread, orb";

    permission com.sssw.jbroker.NameServicePermission
        "create", "transient, persistent";

    permission com.sssw.jbroker.TransactionServicePermission
        "txHello.MyJTS", "identify";

    permission com.sssw.jbroker.POAPermission "create";
    permission com.sssw.jbroker.POAPermission "destroy";
    permission com.sssw.jbroker.POAPermission "manage";

    permission com.sssw.jbroker.SSLPermission "*";
};
JDK 1.2 Security Policy file used by the ORB examples.
Copyright © 1998-2003, Novell, Inc. All rights reserved.