RE: Request for 1.2 Feature

jgindin@walldata.com
Fri, 16 Jan 1998 08:06:47 -0800

From: jgindin@walldata.com
Message-Id: <199801161604.IAA18915@java1.javasoft.com>
To: gong@games.eng.sun.com, jgindin@walldata.com
Subject: RE: Request for 1.2 Feature
Date: Fri, 16 Jan 1998 08:06:47 -0800


The problem, in a nutshell, is that I cannot trust the caller of a
method to honestly tell the called method who he is. I'm particularly
interested in being able to determine if the caller implements a
particular interface, ISecureObject. If I (the called method) know that
the caller implements that interface, then I can interrogate the caller
for authentication information (i.e., calling a method like
ISecureObject.getCertificate()). At that point, I know that I'm getting
the real information about the real caller.

If I understand your alternative solution below correctly, it does not
solve this problem--A still has to either create an instance or obtain
an instance of C. In either case, there's still the possibility that A
could lie about its identity. For example, if A has to create an
instance of C, passing in an ISecureObject to the constructor, there's
no guarantee that A will pass itself in! (Let's assume that A is not
trusted to call one or more methods on B.) A could pass in some other
object, which is (for the purposes of this discussion) trusted, and so A
now has an instance of C, through which it can gain access to B. A
could do a similar maneuver if it instead had to call an API to get an
instance of C.

Please let me know if this helps your understanding of the problem.
I'll gladly try to expand more if necessary.

Jay Gindin

-----Original Message-----
From: Li Gong [mailto:gong@games.Eng.Sun.COM]
Sent: Thursday, January 15, 1998 11:35 PM
To: jgindin@walldata.com
Cc: java-security@web1.javasoft.com
Subject: Re: Request for 1.2 Feature

Jay,

I understand the requested feature but do not understand fully the
problem you are trying to solve. Could you let us know the scenario
of the application so we can see what is the best way to address your
concern? More specifically, why it matters to you if the caller is a
particular type? What are you trying to determine here about the
caller? What about alternative solutions?

For example, suppose you want to have A call B but have B check if A
is an instance of X. You can do this by constructing a new class C
and have a method C.invokeB(A) -- you invoke the appropriate method on
B via C but passing A through as the real invoker.

B can now check if A is of the right instance. If so, B then does
whatever it needs to do. If B needs to return data Y to A, just add a
method A.getResult() and have B invoke it -- A.getResult(Y).

You may think C could lie, but there are ways to get that fixed. This
just shows there might be other ways to do something, so we may want
to figure out more background before committing to a feature.

Thanks.

Li
--

jgindin@walldata.com writes:
> I need to be able to dynamically determine the caller of a particular
> method. I only want to allow objects that implement a particular
> interface to call the method--if anyone else calls the method, I want to
> be able to throw an exception. The code would look something like this:
>
>     public void foo() throws UnauthorizedCallerException
>     {
>         Object caller = someSecurityApiToGetTheCaller();
>         if ( caller instanceof ISecureObject ) {
>             // Do work
>         }
>         else {
>             throw new UnauthorizedCallerException();
>         }
>     }
>
> I understand that the code that wants to call the
> someSecurityApiToGetTheCaller() method may need to have privileges (as
> defined in the 1.2 security documents), and that is perfectly acceptable
> (probably even desirable!).
>
> There is an allusion to this sort of ability on 32 of the "Java Security
> Architecture (JDK 1.2)" document, revision 0.7, dated October 1, 1997.
>
> I appreciate any help you are able to offer.
>
> Jay R. Gindin
>
> -----------------------------
> Jay R. Gindin | This
> Senior Product Developer | space
> Wall Data Incorporated | for
> jgindin@walldata.com | rent!
>
>
>
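
The exchange above, as an added example that is not part of the original messages: an untrusted A passes a check that believes a caller-supplied ISecureObject, and fails a check that asks the runtime who called. The names CallerIdentityDemo, Trusted, fooClaimed, fooChecked, lie and honest are assumptions made for illustration, and StackWalker is the Java 9+ API, not something available in the JDK 1.2 under discussion.

```java
import java.lang.StackWalker.Option;

public class CallerIdentityDemo {
    interface ISecureObject { String getCertificate(); }

    // Constructed stand-in for a trusted component (hypothetical).
    static class Trusted implements ISecureObject {
        public String getCertificate() { return "constructed-cert-for-Trusted"; }
    }

    static class B {
        private static final StackWalker WALKER =
            StackWalker.getInstance(Option.RETAIN_CLASS_REFERENCE);

        // Weak: believes whatever object the caller hands over.
        String fooClaimed(Object claimedCaller) {
            if (!(claimedCaller instanceof ISecureObject)) {
                throw new SecurityException("unauthorized caller");
            }
            return "work done for " + ((ISecureObject) claimedCaller).getCertificate();
        }

        // Stronger: asks the runtime which class actually invoked this method.
        String fooChecked() {
            Class<?> caller = WALKER.getCallerClass();
            if (!ISecureObject.class.isAssignableFrom(caller)) {
                throw new SecurityException("unauthorized caller: " + caller.getName());
            }
            return "work done for " + caller.getName();
        }
    }

    // Untrusted A: does not implement ISecureObject.
    static class A {
        String lie(B b, ISecureObject borrowed) { return b.fooClaimed(borrowed); }
        String honest(B b) { return b.fooChecked(); }
    }

    public static void main(String[] args) {
        B b = new B();
        A a = new A();
        // A presents someone else's identity and is accepted.
        System.out.println("claimed identity: " + a.lie(b, new Trusted()));
        try {
            System.out.println(a.honest(b));
        } catch (SecurityException e) {
            // The runtime reports A's own class, which is not an ISecureObject.
            System.out.println("stack check: " + e.getMessage());
        }
    }
}
```

The stack-based check yields the caller's class, not the calling instance, so it can gate on the interface but cannot by itself call getCertificate() on the real caller.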
