org.web3d.vrtp.security
Class SecurityStrategy

java.lang.Object
  extended by org.web3d.vrtp.security.SecurityStrategy
Direct Known Subclasses:
MicrosoftSecurityStrategy, NetscapeSecurityStrategy, SunSecurityStrategy

public abstract class SecurityStrategy
extends java.lang.Object

SecurityStrategy

SecurityStrategy is an abstract superclass for implementing a platform-independent security scheme, outlined by Greg Frascadore in Java Pro, May 1999, pp. 20-33. Some source is available at www.java-pro.com.

The SecurityStrategy contains the abstract methods that the various vendor-specific classes must implement. These methods take instances that conform to marker interfaces (see Patterns, Garard), which are interfaces that simply signify something about the class being passed in. The class that inherits from SecurityStrategy calls back the caller after switching on security calls.

Note that this class, and the other security classes, are declared public. This is contrary to enforcing effective security: any class from outside this package can inherit from SecurityStrategy, along with the various Badge interfaces, and therefore bypass security. This is OK, and desired, for our uses; basically, we want security to go away and leave us alone. Serious commercial apps need to be more careful on this front, and should therefore have security classes limited to only this package.

This implementation differs from the one in _Java Pro_. The one there, by Frascadore, uses a single callback method, invoke(), used by all classes. The security strategy always called back to invoke(). This implementation is more complex. The caller can pass in a string that is used to look up a method name, which is dispatched at runtime on the calling object. The caller can optionally pass in parameters for the method that is called back by passing in an array of arguments. Also, the SecurityStrategy is implemented as an abstract class, rather than an interface. It seems to me that there won't be multiple root classes for security strategies; one inheritance path is good enough. Also, this allows us to stick a static method into the class, getSecurityStrategy, that returns a platform-appropriate instance--NetscapeSecurityStrategy when running under Navigator, MicrosoftSecurityStrategy when running under IE. This would not be possible with an interface, and the resulting code would have to be placed somewhere non-obvious.

Compiling this code can be slightly tricky. To compile all the classes in the directory, see compiling.html.

If you don't want some platform's security model, just delete it.

A somewhat longer version of this discussion appears in security.html.

Author:
Don McGregor mcgredo@nps.navy.mil
See Also:
NetworkCommBadge, PropertiesBadge, FileAccessBadge, MicrosoftSecurityStrategy, NetscapeSecurityStrategy

Field Summary
static boolean firstTime
           
 
Constructor Summary
SecurityStrategy()
           
 
Method Summary
 java.lang.Class[] classesForInstances(java.lang.Object[] pInstanceArray)
          A utility method that, when given an array of instances, returns an array of the corresponding classes for each object instance in the original array.
static void debug(java.lang.String pDebugStatement)
          Prints out a debugging statement if debugging is turned on.
static SecurityStrategy getSecurityStrategy()
          Create a security strategy appropriate to the platform we are currently running on, and return it.
abstract  void invokePrivilege(AllPermissionsBadge pAllPermissionsBadge, java.lang.String pMethodCallbackName)
           
abstract  void invokePrivilege(AllPermissionsBadge pAllPermissionsBadge, java.lang.String pMethodCallbackName, java.lang.Object[] pCallbackArgs)
           
abstract  void invokePrivilege(FileAccessBadge pFileAccessBadge, java.lang.String pMethodCallbackName)
          Enables access to filesystem, to the extent that the user has access.
abstract  void invokePrivilege(FileAccessBadge pFileAccessBadge, java.lang.String pMethodCallbackName, java.lang.Object[] pCallbackArgs)
          Enables access to filesystem, to the extent that the user has access.
abstract  void invokePrivilege(NetworkCommBadge pCommBadge, java.lang.String pMethodCallbackName)
          Enables communication across the network, including multicast.
abstract  void invokePrivilege(NetworkCommBadge pCommBadge, java.lang.String pMethodCallbackName, java.lang.Object[] pCallbackArgs)
          Enables communication across the network, including multicast.
abstract  void invokePrivilege(PropertiesBadge pPropertiesBadge, java.lang.String pMethodCallbackName)
          Enables access to Java properties, such as home directory, user name, Java VM specifications, etc.
abstract  void invokePrivilege(PropertiesBadge pPropertiesBadge, java.lang.String pMethodCallbackName, java.lang.Object[] pCallbackArgs)
          Enables access to Java properties, such as home directory, user name, Java VM specifications, etc.
static void setDebug(boolean pState)
          Turns debugging on or off
static void trace(java.lang.String pTraceStatement)
          Always prints out statement.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

firstTime

public static boolean firstTime
Constructor Detail

SecurityStrategy

public SecurityStrategy()
Method Detail

setDebug

public static void setDebug(boolean pState)
Turns debugging on or off


debug

public static void debug(java.lang.String pDebugStatement)
Prints out a debugging statement if debugging is turned on.


trace

public static void trace(java.lang.String pTraceStatement)
Always prints out statement. Easier to type than "System.out.println" all over the place.


getSecurityStrategy

public static SecurityStrategy getSecurityStrategy()
Create a security strategy appropriate to the platform we are currently running on, and return it. When running under Netscape, this will return a NetscapeSecurityStrategy; under IE, a MicrosoftSecurityStrategy.

This gets the java.vendor property from the VM in order to take a guess at the platform and security model under use.


classesForInstances

public java.lang.Class[] classesForInstances(java.lang.Object[] pInstanceArray)
A utility method that, when given an array of instances, returns an array of the corresponding classes for each object instance in the original array.

Parameters:
pInstanceArray - an array of Objects that we want the classes for

invokePrivilege

public abstract void invokePrivilege(NetworkCommBadge pCommBadge,
                                     java.lang.String pMethodCallbackName)
Enables communication across the network, including multicast. The object that implements the NetworkCommBadge marker interface is passed in; we call it back after implementing any security calls required. The callback is required in some security schemes because they walk the stack looking for security issues.

Parameters:
pCommBadge - the instance requesting privileges
pMethodCallbackName - the method to call in that instance

invokePrivilege

public abstract void invokePrivilege(NetworkCommBadge pCommBadge,
                                     java.lang.String pMethodCallbackName,
                                     java.lang.Object[] pCallbackArgs)
Enables communication across the network, including multicast. The object that implements the NetworkCommBadge marker interface is passed in; we call it back after implementing any security calls required. The callback is required in some security schemes because they walk the stack looking for security issues. The method arguments are passed in an array.

Parameters:
pCommBadge - the instance requesting privileges
pMethodCallbackName - the method to call in that instance
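
The name-based callback dispatch described above, as an added example that is not the vrtp source. Every name in it (DemoNetworkBadge, DemoStrategy, BadgeDispatchDemo, joinGroup) is hypothetical, the address and port are constructed sample values, and the privilege-enabling step a vendor subclass would perform is left as a comment.

```java
import java.lang.reflect.Method;

// Added illustration; all names are hypothetical, not the vrtp classes.
interface DemoNetworkBadge { }            // marker interface: declares no methods

class DemoStrategy {
    // Same idea as classesForInstances(): map each argument to its runtime class.
    static Class<?>[] classesFor(Object[] args) {
        Class<?>[] out = new Class<?>[args.length];
        for (int i = 0; i < args.length; i++) {
            out[i] = args[i].getClass();
        }
        return out;
    }

    // Resolve the callback by name and argument classes, then invoke it on the badge.
    static void invokePrivilege(DemoNetworkBadge badge, String name, Object[] args)
            throws ReflectiveOperationException {
        Method m = badge.getClass().getMethod(name, classesFor(args));
        // A vendor-specific subclass would switch on its privilege here, so the
        // callback runs beneath the frame that enabled it (stack-walking models).
        m.invoke(badge, args);
    }
}

public class BadgeDispatchDemo implements DemoNetworkBadge {
    String joined;

    // Callback target: must be public, with parameter types matching the
    // runtime classes of the argument array (Integer, not int).
    public void joinGroup(String address, Integer port) {
        joined = address + ":" + port;
    }

    public static void main(String[] argv) throws Exception {
        BadgeDispatchDemo caller = new BadgeDispatchDemo();
        DemoStrategy.invokePrivilege(caller, "joinGroup",
                new Object[] { "239.1.2.3", Integer.valueOf(5000) }); // constructed values
        System.out.println("callback ran: " + caller.joined);

        // Failure mode: lookup is by exact name and argument classes, so a
        // mismatch surfaces as NoSuchMethodException before anything is invoked.
        try {
            DemoStrategy.invokePrivilege(caller, "joinGroup", new Object[] { "239.1.2.3" });
        } catch (NoSuchMethodException e) {
            System.out.println("no such callback: " + e.getMessage());
        }
    }
}
```

Because the method name comes from the caller and the marker interface is visible outside the package, any class that implements the badge reaches the privileged path, which is the trade-off the class description accepts.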

invokePrivilege

public abstract void invokePrivilege(PropertiesBadge pPropertiesBadge,
                                     java.lang.String pMethodCallbackName)
Enables access to Java properties, such as home directory, user name, Java VM specifications, etc.

Parameters:
pPropertiesBadge - instance requesting getProperties privileges
pMethodCallbackName - method that needs to do privileged things

invokePrivilege

public abstract void invokePrivilege(PropertiesBadge pPropertiesBadge,
                                     java.lang.String pMethodCallbackName,
                                     java.lang.Object[] pCallbackArgs)
Enables access to Java properties, such as home directory, user name, Java VM specifications, etc.

Parameters:
pPropertiesBadge - instance requesting getProperties privileges
pMethodCallbackName - method that needs to do privileged things
pCallbackArgs - array of arguments to the method to be called back

invokePrivilege

public abstract void invokePrivilege(FileAccessBadge pFileAccessBadge,
                                     java.lang.String pMethodCallbackName)
Enables access to filesystem, to the extent that the user has access.

Parameters:
pFileAccessBadge - instance requesting filesystem access privileges
pMethodCallbackName - method that needs to do privileged things

invokePrivilege

public abstract void invokePrivilege(FileAccessBadge pFileAccessBadge,
                                     java.lang.String pMethodCallbackName,
                                     java.lang.Object[] pCallbackArgs)
Enables access to filesystem, to the extent that the user has access.

Parameters:
pFileAccessBadge - instance requesting filesystem access privileges
pMethodCallbackName - method that needs to do privileged things
pCallbackArgs - array of arguments to the method that is called back

invokePrivilege

public abstract void invokePrivilege(AllPermissionsBadge pAllPermissionsBadge,
                                     java.lang.String pMethodCallbackName)

invokePrivilege

public abstract void invokePrivilege(AllPermissionsBadge pAllPermissionsBadge,
                                     java.lang.String pMethodCallbackName,
                                     java.lang.Object[] pCallbackArgs)