jsr342-experts@javaee-spec.java.net

[jsr342-experts] Re: security manager requirements in Java EE

From: Markus Eisele <myfear_at_web.de>
Date: Fri, 9 Mar 2012 07:05:32 +0100

Hi Bill,

I'm sorry. I am still not finished catching up on all pending
feedback requests.

>>> Bill Shannon wrote on 02/10/2012 02:01 PM:
>>>> Unfortunately, what we failed to do was to make it clear that
>>>> Java EE application servers were also required to be able to
>>>> run *with* a security manager, and to be able to enforce Java
>>>> security permissions.
>>>>
>>>> ***** Unless there are objections, we intend to make this
>>>> ***** requirement explicit in the EE 7 spec.

I am fine with this. As far as I know, this is common to most of the
products out there.

>>>> ***** Would you support a requirement to be able to run
>>>> ***** applications with a restricted set of permissions?

From a PaaS point of view this is a valuable feature. I highly
recommend keeping an eye on developer usability for this. To me
this sounds like we could end up with a couple of different security
settings for every PaaS vendor, and depending on the target platform
your app (incl. frameworks) will run or not. Can we make an addition
that the permissions shouldn't restrict Java EE features as defined in
the spec? Would that make sense?

>>>> We think it's especially likely that a Java EE cloud product
>>>> will use a security manager to maintain control over the
>>>> operational environment. Remember, our target is PaaS, not
>>>> Middleware over IaaS:
>>>> http://blogs.oracle.com/rezashafii/entry/paas_is_not_middleware_over
>>>>
>>>> In a true PaaS environment, application permissions are likely
>>>> to be restricted to only what's needed. In such an environment,
>>>> it may be useful to know if the application needs any permissions
>>>> beyond the minimum that the platform spec guarantees.

Ok. Here is my point from above. So, I truly see this as an important
point to include!

>>>> ***** Would you support including such a capability in Java EE?

A clear "yes" from me. Besides the mentioned facts, I believe there are
some other security "issues" to solve for a complete coverage of the
"cloud" topic. Can you please make some additional statements
regarding the interaction with JAAS? To me it seems that this is the
weakest part in the cloud related changes.

>>>> Let us know what you think.

Thanks for your effort. I highly appreciate your detailed thoughts and
I believe we should try to have a more active EG feedback from all
members!

Thanks,
markus
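The thread above talks about running an application under a security manager with a restricted set of permissions and about finding out which permissions an application needs beyond the platform minimum. The following is an added example, not code from the thread, the JSR 342 EG or any Java EE product: a small stand-alone program run under `java.lang.SecurityManager` with a deliberately minimal policy file, reporting which permission each action is denied. The class name, the policy file name and the actions tried (a property read, a file read, a socket connect) are my own choices for illustration. It targets Java 8 to 16; from Java 17 the SecurityManager is deprecated for removal (JEP 411) and later releases disable it.

```java
// Added example (not from the thread): observe which permission checks fail
// when an application runs under a SecurityManager with a restricted policy.
//
// Build and run (the file name restricted.policy is an assumption):
//   javac RestrictedApp.java
//   java -Djava.security.manager -Djava.security.policy==restricted.policy RestrictedApp
//
// Note the "==": it makes restricted.policy the ONLY policy in effect. A single
// "=" would merge it with the JRE's default policy, which grants more than a
// PaaS operator probably intends.
//
// restricted.policy (everything not listed here is denied):
//   grant {
//       permission java.util.PropertyPermission "java.version", "read";
//   };
//
// To discover what a real application needs beyond such a minimum, add
//   -Djava.security.debug=access,failure
// which logs every failed permission check with the code source that caused it.

import java.io.FileInputStream;
import java.net.Socket;
import java.security.AccessControlException;
import java.security.Permission;

public class RestrictedApp {

    // One action the "application" wants to perform.
    interface Action {
        void run() throws Exception;
    }

    // Runs the action and reports whether the security manager allowed it.
    // The AccessControlException carries the exact Permission that was missing,
    // which is what you would copy into the policy file if the need is legitimate.
    static String attempt(String label, Action action) {
        try {
            action.run();
            return label + ": allowed";
        } catch (AccessControlException e) {
            Permission p = e.getPermission();
            return label + ": DENIED " + p.getClass().getName()
                    + " \"" + p.getName() + "\" \"" + p.getActions() + "\"";
        } catch (Exception e) {
            // Permission was granted but the operation itself failed
            // (e.g. the file does not exist); not a policy problem.
            return label + ": permitted, but failed: " + e;
        }
    }

    public static void main(String[] args) {
        // Granted by the policy above.
        System.out.println(attempt("read java.version",
                () -> System.getProperty("java.version")));

        // Not granted: a second system property.
        System.out.println(attempt("read user.home",
                () -> System.getProperty("user.home")));

        // Not granted: reading an arbitrary file on the host. The check runs
        // before the file is opened, so this is denied even if the path does
        // not exist (path chosen as a constructed example).
        System.out.println(attempt("read /etc/passwd",
                () -> new FileInputStream("/etc/passwd").close()));

        // Not granted: outbound network access. The resolve/connect check
        // happens before any DNS lookup, so this runs offline as well.
        System.out.println(attempt("connect example.com:80",
                () -> new Socket("example.com", 80).close()));
    }
}
```

Running without `-Djava.security.manager` makes every line print "allowed", which is the situation the quoted proposal is trying to move away from: a container that cannot enforce a policy cannot tell an operator what an application would do on a shared platform. Running with the policy, only the first action is allowed and each of the others names the `Permission` that would have to be granted, which is the concrete form of the question "does the application need anything beyond the platform minimum".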