THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Running
...
Tuscany
...
with
...
Java
...
2
...
Security
...
Enabled
...
Overview
...
of
...
Java
...
2
...
Security
...
Apache
...
Tuscany
...
promotes
...
the
...
Java
...
2
...
security
...
model
...
by
...
allowing
...
one
...
to
...
run
...
Service
...
Component
...
Architecture
...
(SCA)
...
applications
...
in
...
a
...
secured
...
environment.
...
By
...
default,
...
with
...
Java
...
2
...
security
...
disabled,
...
Java
...
application
...
code
...
and
...
the
...
Tuscany
...
runtime
...
code
...
base
...
run
...
in
...
an
...
unsecure
...
environment
...
with
...
no
...
security
...
manager.
...
This
...
gives
...
the
...
Java
...
application
...
and
...
Tuscany
...
runtime
...
access
...
to
...
all
...
system
...
resources.
...
The
...
application
...
may
...
read
...
and
...
write
...
all
...
system
...
properties,
...
open
...
and
...
read
...
any
...
system
...
files,
...
and
...
do
...
all
...
sorts
...
of
...
unprotected
...
actions.
...
All
...
Tuscany
...
code
...
will
...
run
...
unhindered
...
in
...
this
...
environment.
...
And
...
all
...
malicious
...
Tuscany
...
users
...
will
...
also
...
run
...
unhindered
...
in
...
this
...
environment.
...
With
...
Java
...
2
...
security
...
enabled,
...
the
...
user
...
contribution
...
to
...
the
...
SCA
...
domain
...
has
...
very
...
tight
...
security
...
restrictions.
...
This
...
ensures
...
that
...
the
...
user
...
SCA
...
application
...
does
...
not
...
introduce
...
mischevious
...
code
...
(for
...
instance
...
with
...
a
...
user-provided
...
custom
...
classloader)
...
or
...
perform
...
unprotected
...
investigations
...
(such
...
as
...
when
...
a
...
user-provided
...
application
...
starts
...
snooping
...
around
...
the
...
file
...
system
...
looking
...
for
...
interesting
...
files.)
...
The
...
Tuscany
...
runtime
...
is
...
also
...
forced
...
to
...
abide
...
by
...
these
...
tight
...
security
...
resitrictions,
...
but
...
the
...
runtime
...
has
...
been
...
fitted
...
and
...
tested
...
with
...
privileged
...
code
...
to
...
check
...
for
...
proper
...
access
...
permissions
...
before
...
performing
...
any
...
sensitive
...
operations.
...
Because
...
of
...
this
...
privileged
...
code
...
which
...
obeys
...
the
...
Java
...
2
...
security
...
architecture,
...
the
...
Tuscany
...
runtime
...
acts
...
as
...
a
...
proxy
...
and
...
performs
...
sensitive
...
operations
...
on
...
behalf
...
of
...
the
...
user
...
application.
...
The
...
purpose
...
of
...
this
...
article
...
is
...
to
...
show
...
how
...
one
...
can
...
run
...
Apache
...
Tuscany
...
and
...
SCA
...
applications
...
in
...
various
...
environments
...
while
...
enabling
...
Java
...
2
...
security
...
and
...
ensuring
...
the
...
application
...
is
...
running
...
in
...
a
...
secured
...
environment.
...
Tuscany
...
users
...
and
...
deployers
...
and
...
administrators
...
should
...
read
...
this
...
article.
...
More
...
in-depth
...
runtime
...
developers
...
should
...
also
...
proceed
...
onto
...
the
...
associated
...
article
...
...
...
...
...
...
.
...
Enabling
...
Java
...
2
...
Security
...
from
...
a
...
Command
...
Line
...
The
...
most
...
basic
...
way
...
to
...
run
...
Tuscany
...
applications
...
is
...
from
...
a
...
command
...
line
...
window
...
or
...
shell.
...
You
...
may
...
enable
...
security
...
in
...
this
...
environment
...
by
...
running
...
your
...
Tuscany
...
application
...
with
...
the
...
java.exe
...
-Djava.security.manager
...
option
...
on
...
the
...
command
...
line.
...
This
...
enables
...
the
...
default
...
Java
...
security
...
manager
...
which
...
delegates
...
access
...
control
...
decisions
...
to
...
java.security.AccessController
...
.
...
The
...
AccessController
...
determines
...
access
...
authority
...
for
...
your
...
Java
...
code
...
by
...
consulting
...
the
...
permissions
...
in
...
a
...
java.security.Policy
...
class
...
usually
...
specified
...
in
...
the
...
default
...
security.policy
...
file.
...
There
...
is
...
only
...
one
...
Policy
...
object
...
installed
...
into
...
a
...
Java
...
runtime
...
at
...
any
...
given
...
time.
...
The
...
default
...
behavior
...
for
...
Java
...
is
...
to
...
load
...
the
...
authorization
...
data
...
from
...
one
...
or
...
more
...
security
...
policy
...
files,
...
but
...
Tuscany
...
users
...
may
...
add
...
to
...
or
...
replace
...
the
...
policy
...
by
...
running
...
with
...
additional
...
policy
...
information
...
on
...
the
...
command
...
line.
...
For
...
instance
...
"-Djava.security.manager
...
-Djava.security.policy=tuscany.policy"
...
will
...
add
...
the
...
permissions
...
in
...
the
...
tuscany.policy
...
file
...
to
...
the
...
default
...
Java
...
permissions.
...
If
...
you
...
specify
...
"-Djava.security.policy==tuscany.policy"
...
you
...
replace
...
the
...
default
...
policy
...
with
...
those
...
specified
...
in
...
the
...
Tuscany
...
policy
...
file.
...
The
...
format
...
of
...
the
...
java.security.policy
...
is
...
a
...
URL,
...
which
...
can
...
contain
...
any
...
of
...
the
...
legal
...
URL
...
protocols
...
such
...
as
...
file:
...
or
...
http:
...
protocol.
...
Each
...
policy
...
file
...
will
...
contain
...
a
...
list
...
of
...
grant
...
statements.
...
A
...
grant
...
tells
...
the
...
runtime
...
where
...
the
...
code
...
came
...
from
...
(a
...
URL
...
specifying
...
the
...
code
...
base),
...
who
...
signed
...
the
...
code
...
(a
...
list
...
of
...
signer
...
certificates),
...
and
...
what
...
permissions
...
are
...
given.
...
The
...
permissions
...
can
...
be
...
read
...
write
...
permissions
...
to
...
the
...
file
...
system,
...
access
...
to
...
system
...
properties,
...
or
...
class
...
loading
...
privileges.
...
An
...
example
...
of
...
a
...
granting
...
all
...
permission
...
to
...
an
...
unsigned
...
Tuscany
...
code
...
base
...
is
...
given
...
here:
| Code Block | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| =
|
| |
| =
| ||||||||
} grant codeBase "file:$/{{user.home}}/tuscany/java/sca/-" { permission java.security.AllPermission; }; {code} |
This
...
example
...
grant
...
statement
...
is
...
quite
...
a
...
broad
...
bludgeon.
...
Namely
...
it
...
says
...
that
...
all
...
Tuscany
...
code
...
has
...
been
...
granted
...
all
...
permissions.
...
This
...
seems
...
like
...
this
...
is
...
not
...
very
...
secure
...
as
...
it
...
provides
...
all
...
permissions
...
to
...
Tuscany,
...
however,
...
it
...
is
...
still
...
a
...
step
...
up
...
from
...
running
...
with
...
no
...
security
...
policy.
...
In
...
this
...
case
...
Tuscany
...
is
...
provided
...
with
...
privileged
...
access,
...
while
...
user
...
application
...
are
...
not.
...
In
...
practice,
...
a
...
user
...
policy
...
might
...
want
...
much
...
finer-grained
...
permissions
...
towards
...
the
...
Tuscany
...
code
...
and
...
allow
...
only
...
specific
...
pieces
...
of
...
the
...
code
...
to
...
have
...
privileged
...
access.
...
An
...
example
...
...
is
...
attachmed
...
to
...
this
...
article.
...
Notice
...
that
...
the
...
URL
...
in
...
this
...
example
...
supports
...
the
...
substitution
...
of
...
system
...
properties.
...
You
...
can
...
also
...
provide
...
other
...
property
...
names
...
such
...
as
...
tuscany.home
...
or
...
whatever
...
property
...
you
...
provide
...
to
...
the
...
command
...
line.
...
Additionally
...
you
...
may
...
end
...
the
...
URL
...
with
...
'*'
...
which
...
includes
...
all
...
JARs
...
and
...
class
...
files
...
in
...
the
...
current
...
location
...
or
...
'-'
...
which
...
includes
...
all
...
JAR
...
and
...
class
...
file
...
recursively
...
below
...
this
...
location.
...
Additional
...
information
...
on
...
Java
...
application
...
security
...
architecture
...
and
...
features
...
is
...
given
...
at
...
...
Enabling Java 2 Security Using Maven
JIRA TUSCANY-2339 allows Maven to run all Tuscany itests and vtests with Java 2 security enabled. To run this Maven profile, you must provide a tuscany.policy file in your java.home /lib/security directory (default location) or provide a tuscany.policy.file property to provide a local file URL, or copy the contents of tuscany.policy to another policy file. As the tuscany.policy file is written, you must have system properties tuscany.home and maven.repos defined, or you must hard code the location of these code bases.
Run the Tuscany test profile with Maven by naming the security profile name explicitly or my providing a tuscany.policy.file property:
| Code Block |
|---|
|http://java.sun.com/javase/6/docs/technotes/guides/security/overview/jsoverview.html]. h2. Enabling Java 2 Security Using Maven JIRA TUSCANY-2339 allows *Maven* to run all Tuscany itests and vtests with Java 2 security enabled. To run this Maven profile, you must provide a tuscany.policy file in your ${java.home}/lib/security directory (default location) or provide a tuscany.policy.file property to provide a local file URL, or copy the contents of tuscany.policy to another policy file. As the tuscany.policy file is written, you must have system properties tuscany.home and maven.repos defined, or you must hard code the location of these code bases. Run the Tuscany test profile with Maven by naming the security profile name explicitly or my providing a tuscany.policy.file property: {code} mvn test -P security {code} or {code} |
or
| Code Block |
|---|
mvn "-Dtuscany.policy.file=file:///e:/tuscany.policy"
{code}
|
Here
...
is
...
the
...
addition
...
to
...
the
...
pom.xml
...
file
...
to
...
run
...
with
...
security.
...
You
...
may
...
uncomment
...
or
...
add
...
other
...
modules
...
to
...
perform
...
tests.
| Code Block |
|---|
} <profile> <id>security</id> <modules> <!-- <module>demos</module> --> <module>itest</module> <module>vtest</module> </modules> <activation> <property> <name>tuscany.policy.file</name> </property> </activation> <properties> <tuscany.policy.file><Your tuscany.policy file location></tuscany.policy.file> </properties> <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-surefire-plugin</artifactId> <version>2.3.1</version> <configuration> <includes> <include>**/*TestCase.java</include> </includes> <reportFormat>brief</reportFormat> <useFile>false</useFile> <forkMode>once</forkMode> <!-- Place tuscany.policy in your Java home security directory. Alternatively, hardcode the file location here. --> <argLine>-Djava.security.manager -Djava.security.policy=${tuscany.policy.file} -Dpolicy.allowSystemProperty=true -Djava.security.debug=policy</argLine> </configuration> </plugin> </plugins> </build> </profile> {code} h2. Enabling Java 2 Security in Eclipse Many users import Tuscany projects into *Eclipse* or other Integrated Development Environment and run or develop applications in this type of environment. Whether you are running your own SCA application, or one of the many Tuscany samples or demos, the process for running with Java 2 security enabled is the same. Your application or sample has build and runtime dependencies on the Tuscany code, and the application is run with a security profile. Eclipse provides a run dialog that determines how a project is run. For instance, many Tuscany samples are run as Java applications. The Tuscany samples also provide many test cases that may be run in a JUnit test suite. In either case, you specify Java 2 security options in a similar way. You create a 'run' configuration for your type of code (Java application, Java applet, JUnit test case, etc.). The run dialog has a 'Arguments' tab where you can provide Java Virtual Machine options. You provide the Java 2 security options in the 'Program Arguments' text box. An example of this configuration is shown here: !EclipseAppConfig.png! h2. Security Tips for Popular Application Servers When Tuscany is run by an application server (whether it be WebSphere, Geronimo, or other), the policy of the server will form the starting point for Tuscany's security policy. h3. WebSphere Application Server h3. |
Enabling Java 2 Security in Eclipse
Many users import Tuscany projects into Eclipse or other Integrated Development Environment and run or develop applications in this type of environment. Whether you are running your own SCA application, or one of the many Tuscany samples or demos, the process for running with Java 2 security enabled is the same. Your application or sample has build and runtime dependencies on the Tuscany code, and the application is run with a security profile.
Eclipse provides a run dialog that determines how a project is run. For instance, many Tuscany samples are run as Java applications. The Tuscany samples also provide many test cases that may be run in a JUnit test suite. In either case, you specify Java 2 security options in a similar way. You create a 'run' configuration for your type of code (Java application, Java applet, JUnit test case, etc.). The run dialog has a 'Arguments' tab where you can provide Java Virtual Machine options. You provide the Java 2 security options in the 'Program Arguments' text box.
An example of this configuration is shown here:
There are two small gotchas to be aware of in this environment. Once again the location of the policy file is a URL. If you specify the policy with no file or http prefix, the default location will be location of the project in the workspace. So in this example, a simple -Djava.security.policy=tuscany.policy requires a tuscany policy file in the sample-calculator project in your Eclipse workspace. Since this is URL, you can put the policy file anywhere in your file system. Secondly, some of the Tuscany demos and samples use privileged code (such as load classes dynamically, read system properties, read the file system, or connect to various server sockets). These example do this to demonstrate various SCA features. However, these applications may throw a security exception because they are given proper access. In this case you may want to add access for Eclipse or application code. An example is given here:
| Code Block |
|---|
grant codeBase "file:${eclipse.home}/-" {
permission java.net.SocketPermission "127.0.0.1:*", "connect,accept,resolve";
permission java.io.FilePermission "<<ALL FILES>>", "read";
permission java.util.PropertyPermission "*", "read";
};
|
Grant this access when you are developing in Eclipse. When you are ready to deploy and run these application in the real world, read the next section as to how to run on popular application servers.
Security Tips for Popular Application Servers
When Tuscany is run by an application server (whether it be WebSphere, Geronimo, or other), the policy of the application server will form the starting point for Tuscany's security policy. This section gives an overview to the Java 2 security policies of several popular application servers.