Updated authorization layer prototype:
https://github.com/pfirmstone/HighPerformanceSecurity
On 30/06/2021 9:38 pm, Peter Firmstone wrote:
A draft Authorization implementation, untested.
--
Regards,
Peter Firmstone
A draft Authorization implementation, untested.
--
Regards,
Peter Firmstone
/**
* Authorization class, instances contain the domains and Subject of the
* Authorization context, used for Authorization decisions by Guard
* implementations. Provides static utility methods to make
Since I need to implement an authorization layer, and move past the
current uncertainty surrounding authorization and authentication in
Java, I think I'll start small and completely independent and learn from
history.
Requirements:
1. Ability to perform authorization checks on code and
On 26/06/2021 3:41 pm, Peter Firmstone wrote:
Apologies for multiple earlier emails, please ignore and read this
instead.
This proposal is about stripping out and simplifying as much of the
dilapidated and complex SecurityManager infrastructure as possible,
while retaining the ability for
Apologies for multiple earlier emails, please ignore and read this instead.
This proposal is about stripping out and simplifying as much of the
dilapidated and complex SecurityManager infrastructure as possible,
while retaining the ability for developers to implement a better high
scaling and
Inline.
On 26/06/2021 1:46 pm, Peter Firmstone wrote:
Inline below.
On 26/06/2021 1:11 pm, Peter Firmstone wrote:
One more proposed change inline:
On 26/06/2021 12:58 pm, Peter Firmstone wrote:
Summary of Proposed Changes:
1. GuardFactory & GuardFactorySpi to provide hooks for
Inline below.
On 26/06/2021 1:11 pm, Peter Firmstone wrote:
One more proposed change inline:
On 26/06/2021 12:58 pm, Peter Firmstone wrote:
Summary of Proposed Changes:
1. GuardFactory & GuardFactorySpi to provide hooks for authorization
checks without SecurityManager or Policy. (Note
One more proposed change inline:
On 26/06/2021 12:58 pm, Peter Firmstone wrote:
Summary of Proposed Changes:
1. GuardFactory & GuardFactorySpi to provide hooks for authorization
checks without SecurityManager or Policy. (Note GuardFactory
should never return null and instead return a
Summary of Proposed Changes:
1. GuardFactory & GuardFactorySpi to provide hooks for authorization
checks without SecurityManager or Policy. (Note GuardFactory should
never return null and instead return a no-op Guard that hotspot can
optimize out.
2. Existing Permission implementations
The more I think about it, allowing Thread to use a singleton immutable
unprivileged AccessControlContext instead of the inherited context is
the right thing to do, it achieves the original goal of avoiding
privilege escalation, limits the size of the context that needs to
be checked and
", "discuss"
Cc: "security-dev"
Sent: Wednesday 23 June 2021 11:19:42
Subject: Re: Authorization layer API and low level access checks.
Hi Peter,
On 23/06/2021 04:02, Peter Firmstone wrote:
1. StackWalker - Can stack walker be back ported to Java 8?
The right place to ask abou
Thanks Andrew,
For the simple case, of replacing the SecurityManager stack walk, one
could use reflection.
Thank you for also confirming that it is not possible (or at least very
unlikely) to add a GuardBuilder to Java 8, the proposal is for JDK code
to use a provider mechanism, to intercept
Clarification inline below.
On 24/06/2021 11:03 am, Peter Firmstone wrote:
Hi Alan,
It is important to understand the reason for the inherited
AccessControlContext, in order to consider alternatives.
The motivation for inherited context, was simply to avoid privilege
escalation, prior to
Hi Alan,
It is important to understand the reason for the inherited
AccessControlContext, in order to consider alternatives.
The motivation for inherited context, was simply to avoid privilege
escalation, prior to Executors.
Whenever a permission check is made, the DomainCombiner, combines
- Original message -
> From: "Andrew Dinn"
> To: "Peter Firmstone", "discuss"
>
> Cc: "security-dev"
> Sent: Wednesday 23 June 2021 11:19:42
> Subject: Re: Authorization layer API and low level access checks.
> Hi Peter,
>
Hi Peter,
On 23/06/2021 04:02, Peter Firmstone wrote:
1. StackWalker - Can stack walker be back ported to Java 8?
The right place to ask about this is the jdk8u updates project list.
However, you probably don't need to ask there because the answer is
almost certainly going to be a very
On 23/06/2021 04:02, Peter Firmstone wrote:
Note: I'm not sure how to replace an inherited AccessControlContext
(with a new implementation based on StackWalker functionality) at
thread creation time, as it must be created when threads are created,
possibly by using ThreadFactory everywhere,
Java developers such as myself need a light weight API that allows
developers to continue to support authorization and access controls,
without dictating how that should be implemented or whether these
controls are fine grained, coarse grained, based solely on user
authorization or also