
Administering Service Security for the Core

On the previous page, we saw how to administer the users and roles for a given platform by using the Openwings security service. We also introduced the default users and roles that come with Openwings. This page shows how the core services are configured to use these roles.

The content in this page assumes that you have chosen one of the "secure" options when installing Openwings (development or runtime). In a secure install, each of the core Openwings services (Container, Container Manager, Installer, Context) is configured to use a secure Openwings connector. Each of these services has its own security policy, which is used to control access to the services as well as code security. In this trail we will focus on service access, not on code security.

Here is a portion of the Java security policy for the Openwings Container Manager implementation:

    grant Principal net.openwings.security.OpenwingsRole "ow_admin" {
        permission net.openwings.security.ServicePermission "com.gd.openwings.container.remote.RemoteManager.*";
    };

This clause grants permissions to users that have the ow_admin role. The single permission granted is an Openwings ServicePermission that allows complete access to the container manager service. The wildcard * at the end of the permission means that every method on the specified interface may be called by a user that has been given this administrator role. See the ServicePermission API for more information.

Here is another excerpt from the same Java security policy:

    grant Principal net.openwings.security.OpenwingsRole "ow_user",
          Principal net.openwings.security.OpenwingsRole "ow_context_admin"
    {
        permission net.openwings.security.ServicePermission "com.gd.openwings.container.remote.RemoteManager.getRunnableProcesses()";
        permission net.openwings.security.ServicePermission "com.gd.openwings.container.remote.RemoteManager.createProcess(net.openwings.identity.UniqueID, boolean, boolean, boolean, java.lang.String, long)";
        permission net.openwings.security.ServicePermission "com.gd.openwings.container.remote.RemoteManager.createProcess(net.openwings.identity.UniqueID, long)";
        permission net.openwings.security.ServicePermission "com.gd.openwings.container.remote.RemoteManager.createProcess(net.openwings.identity.ComponentDescriptor, net.openwings.identity.UniqueID, net.openwings.container.ContainerProcessStatus, java.rmi.MarshalledObject, long)";
        permission net.openwings.security.ServicePermission "com.gd.openwings.container.remote.RemoteManager.createProcess(net.openwings.identity.ComponentDescriptor, long)";
        permission net.openwings.security.ServicePermission "com.gd.openwings.container.remote.RemoteManager.createProcess(net.openwings.identity.ComponentDescriptor, boolean, boolean, java.lang.String, long)";
        permission net.openwings.security.ServicePermission "com.gd.openwings.container.remote.RemoteManager.addRemoteContainerListener(com.gd.openwings.container.remote.RemoteContainerListener)";
        permission net.openwings.security.ServicePermission "com.gd.openwings.container.remote.RemoteManager.removeRemoteContainerListener(long)";
        permission net.openwings.security.ServicePermission "com.gd.openwings.container.remote.RemoteManager.checkRemoteContainerListener(long)";
        permission net.openwings.security.ServicePermission "com.gd.openwings.container.remote.RemoteManager.getMobileProcessState(net.openwings.identity.UniqueID)";
        permission net.openwings.security.ServicePermission "com.gd.openwings.container.remote.RemoteManager.startProcess(net.openwings.identity.UniqueID, long)";
        permission net.openwings.security.ServicePermission "com.gd.openwings.container.remote.RemoteManager.stopProcess(net.openwings.identity.UniqueID, long)";
    };

This second clause grants a specific set of permissions to users that have the ow_user and/or ow_context_admin role. There is a ServicePermission for each of several methods on the container manager interface. There is actually an individual permission for each of the methods of the interface except for shutdown(). We want users who are not platform administrators to be able to do everything the container manager allows (starting and stopping processes, etc.) except for shutting it down.
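Because these policies are edited by hand, it helps to check mechanically that shutdown() stays admin-only and to see which roles hold a wildcard grant. The script below is an added example, not part of Openwings or the original tutorial; the function names are hypothetical, and the matching rules (a trailing `.*` covers every method of the interface, and a clause naming several roles applies to a holder of any one of them) are assumptions taken from this page's description.

```python
import re

IFACE = "com.gd.openwings.container.remote.RemoteManager"

# Abbreviated copy of the two clauses quoted on this page (two of the
# twelve per-method permissions kept for brevity).
POLICY = f'''
grant Principal net.openwings.security.OpenwingsRole "ow_admin" {{
  permission net.openwings.security.ServicePermission "{IFACE}.*";
}};
grant Principal net.openwings.security.OpenwingsRole "ow_user",
      Principal net.openwings.security.OpenwingsRole "ow_context_admin" {{
  permission net.openwings.security.ServicePermission "{IFACE}.getRunnableProcesses()";
  permission net.openwings.security.ServicePermission "{IFACE}.stopProcess(net.openwings.identity.UniqueID, long)";
}};
'''

GRANT = re.compile(r'grant\s+(.*?)\{(.*?)\}\s*;', re.S)
ROLE = re.compile(r'Principal\s+net\.openwings\.security\.OpenwingsRole\s+"([^"]+)"')
PERM = re.compile(r'permission\s+net\.openwings\.security\.ServicePermission\s+"([^"]+)"\s*;')

def parse_policy(text):
    """Return [(roles, targets)] for every grant clause in the policy text."""
    return [(ROLE.findall(head), PERM.findall(body))
            for head, body in GRANT.findall(text)]

def target_covers(target, method):
    """Wildcard targets cover every method of the interface; others match exactly."""
    if target.endswith(".*"):
        # Drop the parameter list, then compare the interface part of the name.
        return method.split("(", 1)[0].rpartition(".")[0] == target[:-2]
    return "".join(target.split()) == "".join(method.split())  # ignore spacing

def may_call(grants, role, method):
    # Assumption (from the page's description): a clause naming several
    # roles applies to a user holding any one of them.
    return any(role in roles and any(target_covers(t, method) for t in targets)
               for roles, targets in grants)

def audit(grants, method, admin_roles=("ow_admin",)):
    """Return (non-admin roles that can reach `method`, roles holding a wildcard)."""
    all_roles = sorted({r for roles, _ in grants for r in roles})
    exposed = [r for r in all_roles
               if r not in admin_roles and may_call(grants, r, method)]
    wildcard = sorted({r for roles, targets in grants
                       for r in roles if any(t.endswith(".*") for t in targets)})
    return exposed, wildcard

print(audit(parse_policy(POLICY), IFACE + ".shutdown()"))  # ([], ['ow_admin'])
```

An empty first list means no non-admin role can reach shutdown(); a hand edit that widens the second clause to a wildcard shows up in both lists.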

There is a small quirk to how these security policies are configured. Note that the service interface for a Container Manager is actually net.openwings.container.ContainerManager, but the policy grants permissions in terms of com.gd.openwings.container.remote.RemoteManager. This is because the reference implementation of the Container Manager uses a smart proxy. A smart proxy is a service implementation that implements the service interface with some code on the client side; this smart proxy code then uses a connector based on some private interface to talk back to the server side.

What follows is a chart that shows the default configuration for each service of the Openwings core based on the default roles:

You may wish to change these settings. To change security policies for the Openwings core, you must currently edit the security policy files by hand. For more information on editing security policies, please see the Code Security tutorial trail.

Next: Security Configuration Files


Copyright 2003, General Dynamics Decision Systems. All rights reserved.
