Method and device for controlling safety access to Java applications

A security access control technique for Java applications, applied in the field of communication, that addresses problems such as technical implementation obstacles and inflexible JAAS deployment, so as to meet user access needs and improve flexibility.

Active Publication Date: 2013-03-06
CHINA MOBILE COMM GRP CO LTD

AI Technical Summary

Problems solved by technology

However, JAAS is not flexible enough. To let a particular operation of a particular class run with privileges, specific code must be written to call the interfaces that JAAS provides, which couples the code tightly and makes later maintenance more troublesome.
For example, the requirements of an open PaaS platform change often. With this hard-coded approach, a requirement change may mean modifying the code, recompiling, and redeploying, at relatively high cost.
In addition, some of the services that the PaaS cloud platform offers for user programs to call use third-party software. Some of that software implements only functionality, without considering security mechanisms, and ships without source code, which makes it exceptionally difficult to modify the source code so that privileges are elevated when it is invoked.
[0023] It can be seen that the SecurityManager in the traditional Java security mechanism may cause a user's request to access a service to be rejected for lack of permission, and that JAAS is inflexible to deploy; for a PaaS cloud platform in particular, these are major obstacles.

Embodiment Construction

[0039] A PaaS cloud platform runs multiple programs on one computer, so a mechanism is needed to ensure that user programs do not affect each other. The embodiment of the present invention proposes a security sandbox technology that prevents user programs from affecting one another. Within the limits of the security sandbox, users can perform any operation their permissions allow. When a user attempts an operation outside the sandbox restrictions, a security exception is thrown.

[0040] Generally, the security sandbox mechanism includes many functions, such as restricting user programs from writing to the file system, creating sockets, creating child processes or threads, executing certain system calls, and so on.

[0041] The embodiment of the present invention implements a brand-new Java access control mechanism by extending the description capability of the traditional policy. The security sandbox technology provided by the embodiment of th...

Abstract

The invention discloses a method and a device for controlling security access to Java applications. In the method, a JVM (Java virtual machine) generates an extended security access policy file from the permission description information in a Java archive file. In this file, the resource access permission information of a component carries authorization constraints; an authorization constraint indicates that the component must be granted the resource access permissions of the called component when it calls specified operations of other specified components. When the JVM receives a request from a first component to call a second component and the corresponding component is already loaded, the JVM evaluates the call against the extended security access policy file. When the call meets the corresponding authorization constraints, the JVM grants the resource access permissions of the second component to the first component according to those constraints and applies security access control to the call. The method and device improve the flexibility of deploying the Java security mechanism and meet users' access needs within the bounds of security control.
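The call-time decision described in the abstract can be modelled in a few lines. This is an added example, not code from the patent: the component names, permission strings, operation names and the in-memory constraint layout are all assumptions, since the patent's actual policy file syntax is not shown on this page. It contrasts the traditional check, where the caller itself must hold the permission, with a check that honours an authorization constraint scoped to one caller, one callee and one operation.

```java
import java.util.*;

// Added model of the call-time decision in the abstract; not the patent's code.
// Component names, permission strings and the constraint layout are assumptions.
public class ExtendedPolicyModel {
    // "When caller invokes operation on callee, lend it the callee's permissions."
    record Constraint(String caller, String callee, String operation) {}

    private final Map<String, Set<String>> grants = new HashMap<>();
    private final Set<Constraint> constraints = new HashSet<>();

    void grant(String component, String... permissions) {
        grants.computeIfAbsent(component, k -> new HashSet<>())
              .addAll(Arrays.asList(permissions));
    }

    void constrain(String caller, String callee, String operation) {
        constraints.add(new Constraint(caller, callee, operation));
    }

    private boolean holds(String component, String permission) {
        return grants.getOrDefault(component, Set.of()).contains(permission);
    }

    // Traditional stack inspection: caller and callee must both hold the permission.
    boolean traditionalCheck(String caller, String callee, String permission) {
        return holds(caller, permission) && holds(callee, permission);
    }

    // Extended check: a matching constraint lends the callee's permission to the
    // caller for this one call; the callee can never lend what it lacks.
    boolean extendedCheck(String caller, String callee, String operation, String permission) {
        if (!holds(callee, permission)) return false;
        return holds(caller, permission)
            || constraints.contains(new Constraint(caller, callee, operation));
    }

    public static void main(String[] args) {
        ExtendedPolicyModel p = new ExtendedPolicyModel();
        String app = "tenant-app.jar", svc = "platform-log.jar", perm = "file:write:/var/log/paas";
        p.grant(svc, perm);   // platform service may write its log directory
        p.grant(app);         // tenant code holds no file permission
        p.constrain(app, svc, "LogService.append");
        System.out.println("traditional:        " + p.traditionalCheck(app, svc, perm));
        System.out.println("constrained op:     " + p.extendedCheck(app, svc, "LogService.append", perm));
        System.out.println("other operation:    " + p.extendedCheck(app, svc, "LogService.rotate", perm));
        System.out.println("perm callee lacks:  " + p.extendedCheck(app, svc, "LogService.append", "socket:connect"));
    }
}
```

Only the second check succeeds: the tenant component gains the write permission solely while calling the one operation named in the constraint, and never a permission the callee does not hold.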

Description

Technical field

[0001] The present invention relates to the field of communication technology, in particular to a method and device for controlling Java application security access.

Background technique

[0002] The Java language has the characteristics of platform independence, which makes Java technology widely used at present. Since the emergence of Java technology, more and more attention has been paid to the security of the Java platform and new security issues caused by the development of Java technology.

[0003] The Java application server can provide a running environment for Java applications and use a security mechanism to ensure the security of the application server. The main purpose of the security mechanism of the Java application server is to prevent certain unauthorized users from calling certain dangerous components (such as classes, jar packages), and allow authorized users to call these components. Specifically, the security mechanism of the Java application s...

Application Information

Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57
Inventor 李勇吴恒胡睿
Owner CHINA MOBILE COMM GRP CO LTD