Application Security
Application Security Elements
Application security on the server consists of the following elements:
Application roles
Roles represent the types of users that call the application commands on the server. Roles are declared in the application.properties file.
Role grants
Each role may be granted execution privileges with different granularity:
  • execute a certain interface of a command;
  • execute all interfaces of a certain command;
  • execute all interfaces of all commands;
Role grants are declared in the application.properties file.
The users database
The users database file is IRIS_HOME/server/realm/users.db and stores the users and their passwords. Users are created using the administration console and belong to the server rather than to a particular application installed on it: a user connects to the server, not to an application.
The grants database
Users are assigned roles for an application using the administration console. Roles are granted execution privileges and, in turn, users receive the execution privileges of the roles assigned to them. The server automatically creates a database file for the user grants, called grants.db, in the root directory of the application.
The grants of each application are kept in a binary database file rather than in a plain text file because the information can be very large: an application may have a handful of roles and hundreds of commands but thousands of users and grants, and searches and updates on a text file would be very slow. The server also keeps the users and passwords in a binary database, which makes it possible to store thousands of users and look up hundreds of users and passwords per second.

Datasynch Access Control
Datasynch has 3 types of users: publishers, requestors and subscribers. For each type of user we declare an application role in the application.properties file:
# Application roles
Application.role=publisher
Application.role=requestor
Application.role=subscriber

The roles are granted the following execution privileges:
# Synchronizer grants
Application.command.synchronizer.grant= \
	com.accendia.datasynch.interfaces.IPublish, publisher
Application.command.synchronizer.grant= \
	com.accendia.datasynch.interfaces.IRequest, requestor,subscriber
Application.command.synchronizer.grant= \
	com.accendia.datasynch.interfaces.ISubscribe, subscriber

# Loader factory grants
Application.command.loader_factory.grant= \
	com.accendia.datasynch.interfaces.IUploaderFactory, publisher
Application.command.loader_factory.grant= \
	com.accendia.datasynch.interfaces.IDownloaderFactory, requestor,subscriber
All of the grants above are assigned per interface. To grant execution privileges for all interfaces implemented by a command, use the following syntax:
Application.command.command_name.grant=role_name
To grant execution privileges for all commands of the application use:
Application.grant=role_name
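
The following model, added here as an example and not code from the IRIS server or from Datasynch, shows how the three grant granularities above and the administrator override described later on this page resolve to an allow/deny decision for a given user, command and interface. The parser, the GrantTable class, the may_execute method, the hypothetical "auditor" role and "status" command in the constructed sample, and the rule that a role name never contains a dot (which is how an interface name is told apart from a role name on a grant line) are assumptions of this example.

```python
"""Model of the grant rules documented on this page (added example, not
IRIS or Datasynch code). Implements the three documented granularities,
one interface of a command, all interfaces of a command, all commands,
plus the documented administrator override. Parser, GrantTable and the
"role names contain no dot" rule are assumptions of this example."""
import re

# Constructed sample: the Datasynch grants from this page plus a hypothetical
# "auditor" role and "status" command to exercise the other two syntaxes.
SAMPLE_PROPERTIES = r"""
# Application roles
Application.role=publisher
Application.role=requestor
Application.role=subscriber
Application.role=auditor

# Synchronizer grants
Application.command.synchronizer.grant= \
    com.accendia.datasynch.interfaces.IPublish, publisher
Application.command.synchronizer.grant= \
    com.accendia.datasynch.interfaces.IRequest, requestor,subscriber
Application.command.synchronizer.grant= \
    com.accendia.datasynch.interfaces.ISubscribe, subscriber

# Loader factory grants
Application.command.loader_factory.grant= \
    com.accendia.datasynch.interfaces.IUploaderFactory, publisher
Application.command.loader_factory.grant= \
    com.accendia.datasynch.interfaces.IDownloaderFactory, requestor,subscriber

# Hypothetical: every interface of one command, then every command
Application.command.status.grant=subscriber
Application.grant=auditor
"""

COMMAND_GRANT = re.compile(r"^Application\.command\.([^.]+)\.grant$")


def logical_lines(text):
    """Yield key=value lines with backslash continuations joined and
    comment/blank lines dropped, as the syntax on this page requires."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        yield pending + line
        pending = ""
    if pending:
        raise ValueError("file ends inside a continued line")


def split_list(value):
    return [t.strip() for t in value.split(",") if t.strip()]


class GrantTable:
    """Grants of one application; every repeated key is kept, not just the last."""

    def __init__(self, properties_text):
        self.roles = set()
        self.interface_grants = {}   # (command, interface) -> roles
        self.command_grants = {}     # command -> roles (all interfaces)
        self.app_grants = set()      # roles allowed on every command
        for line in logical_lines(properties_text):
            if "=" not in line:
                raise ValueError(f"malformed line: {line!r}")
            key, value = (s.strip() for s in line.split("=", 1))
            if key == "Application.role":
                self.roles.add(value)
            elif key == "Application.grant":
                self.app_grants.update(split_list(value))
            elif (m := COMMAND_GRANT.match(key)):
                command, tokens = m.group(1), split_list(value)
                if "." in tokens[0]:   # first token is an interface name
                    self.interface_grants.setdefault(
                        (command, tokens[0]), set()).update(tokens[1:])
                else:                  # only role names: whole command
                    self.command_grants.setdefault(command, set()).update(tokens)
            else:
                raise ValueError(f"unknown key: {key}")
        # A grant to an undeclared role is almost always a typo; failing loudly
        # is safer than silently granting nothing to anyone.
        granted = set(self.app_grants)
        for s in list(self.interface_grants.values()) + list(self.command_grants.values()):
            granted |= s
        unknown = granted - self.roles
        if unknown:
            raise ValueError(f"grants reference undeclared roles: {sorted(unknown)}")

    def may_execute(self, user, user_roles, command, interface):
        """True if `user`, holding `user_roles`, may call `interface` of
        `command`. Privileges of several roles are unioned."""
        if user == "administrator":       # documented built-in override
            return True
        held = set(user_roles)
        return bool(held & self.app_grants
                    or held & self.command_grants.get(command, set())
                    or held & self.interface_grants.get((command, interface), set()))


if __name__ == "__main__":
    table = GrantTable(SAMPLE_PROPERTIES)
    p = "com.accendia.datasynch.interfaces."
    for user, roles in [("alice", ["publisher"]), ("bob", ["subscriber"]),
                        ("carol", ["auditor"]), ("administrator", [])]:
        for iface in ("IPublish", "IRequest", "ISubscribe"):
            ok = table.may_execute(user, roles, "synchronizer", p + iface)
            print(f"{user:14} {iface:11} {'allow' if ok else 'deny'}")
```

Two details of the model are worth carrying over to any tool that edits the real file: the grant syntax on this page repeats the same key once per grant, so a loader that keeps only the last value for a key would silently drop every grant but the last for a command; and a grant naming a role that was never declared with Application.role is rejected here rather than ignored, because a misspelled role name that silently grants nothing is a failure mode nobody notices until a user is locked out.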

Create Users and Grant Privileges
The next step is to create the users and assign application roles to them using the administration console. Create three users and grant each one of the three application roles, then run the client applications connecting as each user in turn.

User Privileges and Client Applications
A client application may have to enable or disable user interface elements based on the privileges granted to the connected user. The client can read the roles granted to the connected user through the roles command of the admin application. The following method verifies that the connected user holds the subscriber role:
// Returns true when the connected user has been assigned the "subscriber" role
// for the "datasynch" application. The lookup goes through the roles command of
// the admin application, so it costs one server round trip.
private boolean subscriberRoleGranted() throws InvocationException,
		RemoteObjectNotFoundException, ClassNotFoundException, IOException
{
	IRoles rolesProxy = (IRoles)serverContext_.getCommandProxy( "admin", "roles" );
	// Roles granted to the connected user for the named application
	String[] grants = rolesProxy.getGrants( "datasynch" );

	for( int i=0; i<grants.length; i++ )
	{
		if( grants[i].equals( "subscriber" ) )
			return true;
	}

	return false;
}

The administrator user has all privileges by default, regardless of explicit grants. The following code prints an information message and terminates the client if the connected user is not allowed to subscribe to data updates. This check only decides what the client shows and does; the server still checks the grants when the command is invoked, so a client that skips the check gains no privileges.

// user holds the name the client connected with; serverContext_ is the same
// connection used by subscriberRoleGranted(). The administrator comparison is
// made first so that no round trip is needed for the built-in administrator.
boolean subscriberGranted = user.equals("administrator") || subscriberRoleGranted();

if( !subscriberGranted )
{
	serverContext_.close();
	System.out.println( "User is not granted the subscriber privilege" );
	System.exit(1);
}