|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--java.lang.SecurityManager | +--java.rmi.RMISecurityManager | +--ajanta.server.AjantaSecurityManager
A security manager derived from the restrictive RMI security manager Java's RMISecurityManager class provides an implementation of the security manager suitable for controlling accesses by remote code. It denies all access to local resources to any code which is loaded from a remote source, such as the machine hosting the client of an RMI call. We needed a more relaxed security policy, so as to allow agents to operate effectively, and yet not cause damage to the server's resources. AjantaSecurityManager} by extending the RMISecurityManager and by overriding some of its methods, allowed agents to access some system-level resources that would otherwise be denied to them. For example, by overriding the {\tt checkConnect} method, we allow agents to open connections to other machines. However, AjantaSecurityManager can imposes restrictions on which machines can be connected to, based on its security policy. It can also keep track of how many ports a single agent has opened, and can impose limits on this number, so as to prevent a denial of service attack ( will be supported in future releases). checkRead and checkWrite methods deny read and write access to files according to ACL based on owner of agent.
Field Summary |
Fields inherited from class java.lang.SecurityManager |
inCheck |
Constructor Summary | |
AjantaSecurityManager(java.util.Hashtable dd,
ajanta.naming.URN user)
|
Method Summary | |
void |
setAcl(java.lang.String root_path)
Set the path of the .acl file which is for creating ACL used for readAccess and writeAccess |
void |
setNameRegistry(ajanta.server.NRAccess namereg)
Set the NRAcess interface for the Security Manager |
Methods inherited from class java.lang.SecurityManager |
checkAccept, checkAccess, checkAccess, checkAwtEventQueueAccess, checkConnect, checkConnect, checkCreateClassLoader, checkDelete, checkExec, checkExit, checkLink, checkListen, checkMemberAccess, checkMulticast, checkMulticast, checkPackageAccess, checkPackageDefinition, checkPermission, checkPermission, checkPrintJobAccess, checkPropertiesAccess, checkPropertyAccess, checkRead, checkRead, checkRead, checkSecurityAccess, checkSetFactory, checkSystemClipboardAccess, checkTopLevelWindow, checkWrite, checkWrite, classDepth, classLoaderDepth, currentClassLoader, currentLoadedClass, getClassContext, getInCheck, getSecurityContext, getThreadGroup, inClass, inClassLoader |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
public AjantaSecurityManager(java.util.Hashtable dd, ajanta.naming.URN user)
dd
- reference to the domain database of the agent serveruser
- URN of the owner of the agent serverMethod Detail |
public void setAcl(java.lang.String root_path)
root_path
- full path sting for the .acl filepublic void setNameRegistry(ajanta.server.NRAccess namereg)
namereg
- reference to the NRAccess field of agent server
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |