This page (revision-13) was last changed on 29-May-2007 23:13 by JanneJalkanen  

This page was created on 25-Feb-2006 01:04 by 89.55.177.112

Difference between version and

At line 24 changed one line
The signing makes development unnecessaryly difficult.
The signing makes development unnecessarily difficult.
At line 26 changed one line
This is not a bug, because code-signing is needed to support certain deployment scenarios. This is perhaps a slight impediment to development, but I think we've done the best we can to make code-signing easy. The Ant scripts will auto-generate a key for you (with sensible defaults) whenever you build JSPWiki from scratch.
This is not a bug, because code-signing is needed to support certain deployment scenarios. This is perhaps a slight impediment to development, but I think we've done the best we can to make code-signing easy. The Ant scripts will auto-generate a key for you (with sensible defaults) whenever you build JSPWiki from scratch. So I think the comment "unnecessarily difficult" is a little harsh.
At line 30 changed one line
Here's an excerpt from the definitive book, ''Inside Java 2 Platform Security, 2nd Edition'', by Li Gong:
Here's an excerpt from the definitive book, ''Inside Java 2 Platform Security, 2nd Edition'', by Li Gong, that explains why this is so:
At line 32 changed one line
''Many {{Permission}} classes referenced by the policy configuration exist locally. That is, those classes can be discovered by the {{Policy}} provider's defining class loader or another loader it delegates to, such as the bootstrap class loader. Objects for such permissions can be instantiated during {Policy}} initialization. For example, it is always possible to instantiate a {{java.io.FilePermission}}, as the {{FilePermission}} class is bound on the bootstrap class path.
''Many {{Permission}} classes referenced by the policy configuration exist locally. That is, those classes can be discovered by the {{Policy}} provider's defining class loader or another loader it delegates to, such as the bootstrap class loader. Objects for such permissions can be instantiated during {{Policy}} initialization. For example, it is always possible to instantiate a {{java.io.FilePermission}}, as the {{FilePermission}} class is bound on the bootstrap class path.
At line 34 changed one line
However, [it is possible that] when the {{Policy}} object is constructed, the code that implenents a particular {{Permission}} class has yet to be loaded or is not available for loading. For example, a referenced {{Permission}} class might be in a JAR file that will eventually be downloaded. In this case, the {{Permission}} has yet to be defined within the Java runtime environment. For such a class, an {{UnresolvedPermission}} object is instantiated instead, as a placeholder that contains information about the permission... Unresolved permissions of a particular type must be resolved before an access control decision can be made about a permission of the actual type... To resolve an {{UnresolvedPermission}}, the policy decision point must locate and instantiate the appropriate permission class type...
However, [[it is possible that] when the {{Policy}} object is constructed, the code that implements a particular {{Permission}} class has yet to be loaded or is not available for loading. For example, a referenced {{Permission}} class might be in a JAR file that will eventually be downloaded. In this case, the {{Permission}} has yet to be defined within the Java runtime environment. For such a class, an {{UnresolvedPermission}} object is instantiated instead, as a placeholder that contains information about the permission... Unresolved permissions of a particular type must be resolved before an access control decision can be made about a permission of the actual type... To resolve an {{UnresolvedPermission}}, the policy decision point must locate and instantiate the appropriate permission class type...
At line 45 changed one line
''Note that the constructor takes an array of certificates, which can be used to verify the signatures on the permission class. Remember that {{UnresolvedPermission}}s enable the deferred loading of permission classes so that a given permission class need not be defined until necessary. __The very nature of such permission classes suggests that a more rigorous mechanism is required to ensure their authenticity. By signing a given permission class and specifying the signing requirement in the security policy, we have a foundation that can be used to assure us that the permission class respects the intentions of the root class {{java.security.Permission}} and that the implementation is not malicious.__ Of course, this assurance depends on the trust conveyed by the signature keys used to sign the class. However, without this mechanism, it would be up to the application to make this trust decision, which would be difficult, if not impossible, for the application to do.''
''Note that the constructor takes an array of certificates, which can be used to verify the signatures on the permission class. Remember that {{UnresolvedPermission}}s enable the deferred loading of permission classes so that a given permission class need not be defined until necessary. __The very nature of such permission classes suggests that a more rigorous mechanism is required to ensure their authenticity. By signing a given permission class and specifying the signing requirement in the security policy, we have a foundation that can be used to assure us that the permission class respects the intentions of the root class {{java.security.Permission}} and that the implementation is not malicious.__ Of course, this assurance depends on the trust conveyed by the signature keys used to sign the class. However, without this mechanism, it would be up to the application to make this trust decision, which would be difficult, if not impossible, for the application to do.'' [[emphasis mine]
At line 51 changed one line
''However'', it is not safe to assume that all environments work this way. In some (mine, for instance), the admin will wish to set the policy file manually. In this case, the JSPWiki Permission classes will ''not'' be available to the Java Policy object at JVM startup. Thus, they are instantiated initially as {{UnresolvedPermission}} instances. ''Therefore, we must have our JAR signed in order for them to become unresolved.''
''However'', it is not safe to assume that all environments work this way. In some (mine, for instance), the admin will wish to set the policy file manually. In this case, the JSPWiki Permission classes will ''not'' be available to the Java Policy object at JVM startup. Thus, they are instantiated initially as {{UnresolvedPermission}} instances. ''Therefore, we must have our JAR signed in order for them to become "resolved."''
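Review bot: the closing sentence of this hunk names only JAR signing as the condition for the permissions to become "resolved", while the excerpt quoted at line 45 pairs signing the permission class with "specifying the signing requirement in the security policy". Since this paragraph addresses admins who set the policy file manually, consider stating both halves here: the JAR must be signed, and the manually written policy must name the signer it expects.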
At line 53 added 2 lines
P.S. Li Gong's book is outstanding, by the way, and I recommend it to anyone who wishes to explore the innards of Java security. Took me several read-throughs to really grok it, but it was well worth the effort.
At line 56 added 6 lines
----
As of 2.5.68, code signing is no longer necessary, unless you wish to use a global policy.
-- JanneJalkanen
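Review bot: the 2.5.68 note is appended below the separator at the very end, so a reader still meets the unqualified "code-signing is needed to support certain deployment scenarios" at line 26 before learning that, from 2.5.68 on, this applies only when a global policy is used. Consider moving the version note to the top of the page, or adding a short pointer to it at line 26, and saying in the note which of the scenarios described above counts as a global policy.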
|| Version || Date Modified || Size || Author
| 13 | 29-May-2007 23:13 | 5.571 kB | JanneJalkanen
| 12 | 17-Jul-2006 21:51 | 5.449 kB | Janne Jalkanen
| 11 | 17-Jul-2006 11:30 | 18.999 kB | 211.53.198.25
| 10 | 29-Mar-2006 10:18 | 5.449 kB | 24.218.63.149
| 9 | 29-Mar-2006 10:13 | 5.382 kB | 24.218.63.149
| 8 | 29-Mar-2006 10:13 | 5.352 kB | 24.218.63.149
| 7 | 29-Mar-2006 10:13 | 5.335 kB | 24.218.63.149
| 6 | 29-Mar-2006 10:11 | 5.121 kB | 24.218.63.149
| 5 | 29-Mar-2006 10:10 | 5.119 kB | 24.218.63.149
| 4 | 29-Mar-2006 10:09 | 5.118 kB | 24.218.63.149
| 3 | 29-Mar-2006 10:09 | 5.116 kB | 24.218.63.149
| 2 | 27-Feb-2006 07:28 | 0.667 kB | 24.218.63.149
| 1 | 25-Feb-2006 01:04 | 0.666 kB | 89.55.177.112