• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

application level security

 
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello,
my personal opinion is that one of the biggest problem is application level security. Let us consider simple example. Customer enters orders and the manager approves or rejects orders. Administrator manages personal data of customers and manages. Here are the minimal security requirements for this application:
1. Administrator has no access to business data.
2. Customers and managers has no access to administration data.
3. Manager can approve/reject orders only from specific regions (region is a customer's attribute)
4. Customer can view/update only his orders
Suppose, this is j2ee application. EJB security is not enough, because it does not cover instance level security (points 3 & 4). Moreover, we should protect not only data but servlets(URLs) for points 1 & 2. If our application is integrated with some external system(for example, loading of orders from CSV files directly to database), we need protection on the database level. Does anybody know how to build the consistent security model for such applications? Are there books/tutorials that address these problems? I think this example is *TYPICAL*. Everybody is welcome to share his experience
 
author
Posts: 1436
6
Python TypeScript Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I think Liberty Alliance is supposed to address the "access control" aspect you raised.
As of how to protect database data, you should devise an application model that the database is only access from approved J2EE servers. The database should refuse connection requests from any other host. All users, desktop GUI and web UI users, access data through the J2EE application server.
 
Ranch Hand
Posts: 179
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Strange as it may sound the security model for an application is not usually determined by the Application Development Team but by the existing security infrastructure which is integrated with the application server or by a model proposed by the Security Administrators.
For example let's say a WebSphere installation is already in place with an LDAP repository and a DB2 database. Access to various areas of the site is controlled by mapping roles against restricted URIs. Under J2EE role to URI mappings are specified in the EAR through a vendor development tool such as JBuilder or WSAD and then the roles themselves are mapped against groups held in a user repository when the ear is deployed into a vendor application server such as WebSphere. The application server provides the authentication service i.e it detects requests for the restricted URI then prompts for a logon id and password. Successful authentication depends on whether the user is in the required role for that link. The Developers simply specify which URI, servlet or EJB is protected then the Application Server administrators specify which groups have access rights. In this way the authentication mechanism is abstracted from the application and controlled by the App Server.
In your scenario there are four roles.
Administrator
Manager
Customer.
Access rights would be
Administration Data - Administrator Role
Spain - Manager Role1
Italy - Manager Role 2
Customer Data - Customer Role.
Users in the Administrator role have access to the admin data page only.
Users in Manager Role 1 have access to the Spain region page only and Spanish customer data on that page.
Users in Manager Role 2 have access to the Italian region page only and Italian customer data on that page.
Users in the Customer Role have access to their own page which is pulled up when they log on to the site.
 
Cathy Gorchkova
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Patrick,
the decision you described is probably the best in terms of current technologies. But this model lacks a lot of things. The ideal variant will be:
- Do not create the role for each country, but create one parameterized role Manager<Country>. (All the roles share the same access rule).
- Do not create the page for each customer. There may be lots of customers and each of them has access to the page with exactly the same structure (but different data).
I also want some consistency checks. I want to be sure that user does not have access to the pages that show not his data. Is this the future? Does anybody work in this direction?
reply
    Bookmark Topic Watch Topic
  • New Topic