Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and device for controlling safety access to Java applications

A security access control, java application technology, applied in the field of communication, can solve the problems of technical implementation barriers, inflexibility, inflexible JAAS deployment, etc., to meet user access needs and improve flexibility.

Active Publication Date: 2013-03-06
CHINA MOBILE COMM GRP CO LTD
View PDF4 Cites 11 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the problem with JAAS is that it is not flexible enough. To enable a certain operation of a certain class to enjoy privileges, it is necessary to write specific code and call the interface provided by JAAS, which will cause tight coupling of the code and make subsequent maintenance more troublesome.
For example, the requirements of the open PaaS platform often change. Using this hard-coded method may result in having to modify the code, recompile, and deploy when the requirements change, and the cost is relatively high.
In addition, some services provided by the PaaS cloud platform for user program calls use third-party software, and some of the third-party software only implements functions without considering security mechanisms and does not provide source codes, which leads to Attempts to modify source code to elevate privileged operations when invoked becomes exceptionally difficult
[0023] It can be seen that the SecurityManager in the traditional Java security mechanism may cause the user's request to access the service to be rejected because there is no permission, and JAAS is not flexible in deployment, especially for the PaaS cloud platform. There are major obstacles

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for controlling safety access to Java applications
  • Method and device for controlling safety access to Java applications
  • Method and device for controlling safety access to Java applications

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0039] PaaS cloud platform refers to running multiple programs on a computer, and a mechanism is needed to ensure that user programs will not affect each other. The embodiment of the present invention proposes a security sandbox technology that prevents mutual influence between user programs. Within the limits of the security sandbox, users can perform any operations permitted by their permissions. When a user attempts to perform an operation outside the security sandbox restrictions, a security exception will be thrown.

[0040] Generally, the security sandbox mechanism includes many functions, such as restricting user programs to write to the file system, creating sockets, creating child processes or threads, executing some system calls, and so on.

[0041] The embodiment of the present invention implements a brand-new Java access control mechanism by extending the description capability of the traditional policy. The security sandbox technology provided by the embodiment of th...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method and a device for controlling safety access to Java applications. The method includes: a JVM (java virtual machine) generates an extension security access policy file according to authority description information in a Java archived file, resource access authority information of components in the extension security policy file is provided with authorization constraints, and the authorization constraints indicate that the corresponding component needs to be imparted with resource access permissions of the called components when calling specified operations of the other specified components; when the JVM receives a request of a first component to call a second component and the corresponding component is already loaded, the JVM judges according to the extension security access policy file; and when the current call meets the corresponding authorization constraints, the JVM imparts the resource access permission of the second component to the first component according to the corresponding authorization constraints, and the call is subjected to security access control. By the method and device, flexibility in deployment of Java safety mechanism can be improved and users' access needs can be met within security control range.

Description

Technical field [0001] The present invention relates to the field of communication technology, in particular to a method and device for controlling Java application security access. Background technique [0002] The Java language has the characteristics of platform independence, which makes Java technology widely used at present. Since the emergence of Java technology, more and more attention has been paid to the security of the Java platform and new security issues caused by the development of Java technology. [0003] The Java application server can provide a running environment for Java applications and use a security mechanism to ensure the security of the application server. The main purpose of the security mechanism of the Java application server is to prevent certain unauthorized users from calling certain dangerous components (such as classes, jar packages), and allow authorized users to call these components. Specifically, the security mechanism of the Java application s...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57
Inventor 李勇吴恒胡睿
Owner CHINA MOBILE COMM GRP CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com