All Packages  Class Hierarchy  This Package  Previous  Next  Index

Class ajanta.server.AjantaSecurityManager 

java.lang.Object
   |
   +----java.lang.SecurityManager
           |
           +----java.rmi.RMISecurityManager
                   |
                   +----ajanta.server.AjantaSecurityManager
public class AjantaSecurityManager
extends RMISecurityManager
A security manager derived from the restrictive RMI security manager Java's RMISecurityManager class provides an implementation of the security manager suitable for controlling accesses by remote code. It denies all access to local resources to any code which is loaded from a remote source, such as the machine hosting the client of an RMI call. We needed a more relaxed security policy, so as to allow agents to operate effectively, and yet not cause damage to the server's resources. AjantaSecurityManager} by extending the RMISecurityManager and by overriding some of its methods, allowed agents to access some system-level resources that would otherwise be denied to them. For example, by overriding the {\tt checkConnect} method, we allow agents to open connections to other machines. However, AjantaSecurityManager can imposes restrictions on which machines can be connected to, based on its security policy. It can also keep track of how many ports a single agent has opened, and can impose limits on this number, so as to prevent a denial of service attack ( will be supported in future releases). checkRead and checkWrite methods deny read and write access to files according to ACL based on owner of agent.

Constructor Index

o AjantaSecurityManager(Hashtable, URN)

Method Index

o checkAccess(Thread)
Loaded classes are not allowed to manipulate threads.
o checkAccess(ThreadGroup)
Loaded classes are not allowed to manipulate threads.
o checkConnect(String, int)
The RMI security manager does not allow outgoing connections.
o checkConnect(String, int, Object)
The RMI security manager does not allow outgoing connections.
o checkMemberAccess(Class, int)
Check if client is allowed reflective access to a member or a set of members for the specified class.
o checkRead(String)
Check if a caller class can read a particular file.
o checkWrite(String)
Check if a caller class can write a particular file.
o setAcl(String)
Set the path of the .acl file which is for creating ACL used for readAccess and writeAccess
o setNameRegistry(NRAccess)
Set the NRAcess interface for the Security Manager

Constructors

o AjantaSecurityManager 
 public AjantaSecurityManager(Hashtable dd,
                              URN user)
Parameters:
dd - reference to the domain database of the agent server
user - URN of the owner of the agent server

Methods

o setAcl 
 public void setAcl(String root_path)
Set the path of the .acl file which is for creating ACL used for readAccess and writeAccess

Parameters:
root_path - full path sting for the .acl file
o setNameRegistry 
 public void setNameRegistry(NRAccess namereg)
Set the NRAcess interface for the Security Manager

Parameters:
namereg - reference to the NRAccess field of agent server
o checkConnect 
 public void checkConnect(String host,
                          int port)
The RMI security manager does not allow outgoing connections. We're relaxing this by overriding the checkConnect methods.Currently empty. Should check the caller's domain and the host they're trying to connect to. Probably shouldn't allow connections except to the codeBase (and some other permissible sites?)

Overrides:
checkConnect in class RMISecurityManager
o checkConnect 
 public void checkConnect(String host,
                          int port,
                          Object object)
The RMI security manager does not allow outgoing connections. We're relaxing this by overriding the checkConnect methods.Currently empty. Should check the caller's domain and the host they're trying to connect to. Probably shouldn't allow connections except to the codeBase (and some other permissible sites?)

Overrides:
checkConnect in class RMISecurityManager
o checkMemberAccess 
 public void checkMemberAccess(Class c,
                               int w)
Check if client is allowed reflective access to a member or a set of members for the specified class. currently allowed to everyone

Overrides:
checkMemberAccess in class RMISecurityManager
o checkAccess 
 public synchronized void checkAccess(ThreadGroup t)
Loaded classes are not allowed to manipulate threads.

Overrides:
checkAccess in class RMISecurityManager
o checkAccess 
 public synchronized void checkAccess(Thread t)
Loaded classes are not allowed to manipulate threads.

Overrides:
checkAccess in class RMISecurityManager
o checkRead 
 public void checkRead(String filename)
Check if a caller class can read a particular file. If the caller thread group = main allow it to read. Else if the cred of agent was signed by the owner then check ACL to determine read permission for the owner and accordingly give or deny read permission. There is .acl in each servers directory where a server can give read or write permission to different user. If the cred of agent was signed by creator then deny read permission.

Overrides:
checkRead in class RMISecurityManager
o checkWrite 
 public void checkWrite(String filename)
Check if a caller class can write a particular file. If the caller thread group = main allow it to write. Else if the cred of agent was signed by the owner then check ACL to determine write permission for the owner and accordingly give or deny write permission. There is .acl in each servers directory where a server can give read or write permission to different user. If the cred of agent was signed by creator then deny write permission.

Overrides:
checkWrite in class RMISecurityManager 
All Packages  Class Hierarchy  This Package  Previous  Next  Index