CN105072111A - Method and device for java security verification in PaaS system - Google Patents

Info

Publication number
CN105072111A
Authority
CN
China
Prior art keywords
file
authority
expanding policy
check
authority items
Prior art date
Legal status
Pending
Application number
CN201510484902.1A
Other languages
Chinese (zh)
Inventor
王阳
Current Assignee
Sina Technology China Co Ltd
Original Assignee
Sina Technology China Co Ltd
Priority date
Filing date
Publication date
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network

Abstract

The embodiment of the invention provides a method and a device for Java security verification in a PaaS (Platform as a Service) system. The method comprises the following steps: when a file to be operated on needs to be operated on, judging whether a security manager is configured; if a security manager is configured, obtaining an original policy file and an expanded policy file; according to the permission item list in the original policy file and the permission item list in the expanded policy file, performing an original policy permission check and an expanded policy permission check on the file to be operated on; and when all permission items pass the check, confirming that the file to be operated on passes security verification. According to the invention, security policies can be configured flexibly, different security policies can be configured for different needs, and extensibility is high.

Description

Java security verification method and device in a PaaS system
Technical field
The present invention relates to the field of computer technology, and in particular to a Java security verification method and device in a PaaS system.
Background technology
With the development of networks, the way services are provided to users is shifting from Software as a Service (SaaS) to Platform as a Service (PaaS). In a PaaS system, the security policy of a Java application is defined by a Policy object; the concrete implementation is a subclass of Policy, and the default is PolicyFile, the implementation shipped with the Java Development Kit (JDK). The default Policy implementation reads a policy configuration file to define the security policy; the policy file contains keystore entries and grant entries.
When the security manager is started and a security policy check is performed on a called file, for example a file read, the logic is as shown in Figure 1: a file-read operation is executed and the security manager (SecurityManager) is entered; the access controller context (AccessControllerContext) obtains the call stack of the currently executing logic; each class in the call stack is then checked by calling Policy, whose default implementation is the file policy (FilePolicy). When the first check passes, the second is performed, and so on until all checks have passed, at which point the checks are considered passed; if any single check fails, the check as a whole is considered failed.
In the above security verification scheme, the default permission check policy can only use policies pre-defined in the configuration file; policies cannot be generated dynamically. In a PaaS system each user may need an independent security policy decision, which amounts to a separate permission check per user; writing all of these into the configuration file would be very cumbersome and the file would become far too large.
Moreover, the above security policy can only use a configured whitelist: the permissions written in the policy are effectively a whitelist, stating that some class or jar has permission to perform some operation. A blacklist cannot be configured, yet sometimes the opposite is wanted: the user wishes that a permission defined in the configuration file is not allowed to execute, i.e. a blacklist, which the existing security policy cannot express.
Further, the number of checks, the number of items checked, permission levels and so on cannot easily be defined or changed. For example, a user may sometimes wish that once a certain check passes, the rest of the stack is no longer checked; or that after a check has been performed a number of times (say 100 times) it is no longer performed; or that permissions have levels so that some permissions are checked first. The existing security policy cannot do any of this.
It can be seen that, in the prior art, the Java security verification policy provided by default in the JDK cannot flexibly and conveniently configure different security policies according to user needs; the extensibility of the security verification scheme is poor and it cannot meet users' security check needs well.
Summary of the invention
In view of this, one object of the present invention is to provide a Java security verification method and device in a PaaS system, to solve the problems in the prior art that the security policy check cannot be configured flexibly and has poor extensibility. A brief summary is presented below to provide a basic understanding of some aspects of the disclosed embodiments. This summary is not an extensive overview; it neither identifies key or critical elements nor delineates the protection scope of these embodiments. Its sole purpose is to present some concepts in a simple form as a prelude to the detailed description that follows.
The embodiment of the present invention provides a Java security verification method in a PaaS system, comprising:
when a file to be operated on needs to be operated on, judging whether a security manager is configured;
if a security manager is configured, obtaining an original policy file and an expanded policy file;
according to the permission item list in the original policy file and the permission item list in the expanded policy file, performing an original policy permission check and an expanded policy permission check on the file to be operated on, and when all permission items pass the check, confirming that the security verification of the file to be operated on passes.
In some optional embodiments, obtaining the original policy file and the expanded policy file specifically comprises:
enabling the access controller, and obtaining the call stack information of the current execution thread through the access controller context;
checking each class in the call stack in turn, calling the authorization function in the protection domain of that class, and obtaining the original policy file and the expanded policy file; the expanded policy file is updated and modified as the security policy changes.
In some optional embodiments, the permission items contained in the expanded policy file are at least one of the following: static permission items and dynamic permission items.
In some optional embodiments, performing the original policy permission check and the expanded policy permission check on the file to be operated on according to the permission item list in the original policy file and the permission item list in the expanded policy file specifically comprises:
obtaining the permission item list in the original policy file and the permission item list in the expanded policy file;
dividing the permission item lists by role, and creating different permission level lists for permissions of different levels;
for the file to be operated on, obtaining the permission level list according to its corresponding role, and performing permission checks in order of permission level.
In some optional embodiments, the method further comprises:
if a security manager is configured, performing an operation permission check on the file to be operated on, and when the operation permission check passes, executing the step of obtaining the original policy file and the expanded policy file.
The embodiment of the present invention also provides a Java security verification device in a PaaS system, comprising:
a judging module, configured to judge whether a security manager is configured when a file to be operated on needs to be operated on;
an acquisition module, configured to obtain an original policy file and an expanded policy file if a security manager is configured;
a verification module, configured to perform an original policy permission check and an expanded policy permission check on the file to be operated on according to the permission item list in the original policy file and the permission item list in the expanded policy file, and to confirm that the security verification of the file to be operated on passes when all permission items pass the check.
In some optional embodiments, the acquisition module is specifically configured to:
enable the access controller, and obtain the call stack information of the current execution thread through the access controller context;
check each class in the call stack in turn, call the authorization function in the protection domain of that class, and obtain the original policy file and the expanded policy file; the expanded policy file is updated and modified as the security policy changes.
In some optional embodiments, the acquisition module is specifically configured such that:
the permission items contained in the obtained expanded policy file are at least one of the following: static permission items and dynamic permission items.
In some optional embodiments, the verification module is specifically configured to:
obtain the permission item list in the original policy file and the permission item list in the expanded policy file;
divide the permission item lists by role, and create different permission level lists for permissions of different levels;
for the file to be operated on, obtain the permission level list according to its corresponding role, and perform permission checks in order of permission level.
In some optional embodiments, the device further comprises:
a checking module, configured to perform an operation permission check on the file to be operated on if a security manager is configured, and, when the operation permission check passes, to execute the step of obtaining the original policy file and the expanded policy file.
With the Java security verification method and device in a PaaS system provided by the embodiment of the present invention, when a security manager is configured, the original policy check and the expanded policy check on the file to be operated on are realized through the original policy file and the expanded policy file. Security policies can thus be configured flexibly, different security policies can conveniently be configured for the different security needs of different users, and the security policy can be adjusted and changed easily at any time. By extending the default security policy provided by the JDK, the different security verification needs of different users are met.
To the accomplishment of the foregoing and related ends, one or more embodiments comprise the features hereinafter fully described and particularly pointed out in the claims. The following description and the drawings set forth certain illustrative aspects in detail, which indicate only some of the various ways in which the principles of the embodiments may be employed. Other advantages and novel features will become apparent from the following detailed description when considered in conjunction with the drawings, and the disclosed embodiments are intended to include all such aspects and their equivalents.
Brief description of the drawings
In order to explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings required in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a logic diagram of the security policy check on a called file in the prior art;
Fig. 2 is a flowchart of the Java security verification method in a PaaS system in embodiment one of the present invention;
Fig. 3 is a logic diagram of the Java security verification in a PaaS system in embodiment one of the present invention;
Fig. 4 is a flowchart of the Java security verification method in a PaaS system in embodiment two of the present invention;
Fig. 5 is a schematic diagram of the principle of the expanded policy check in embodiment two of the present invention;
Fig. 6 is an example diagram of the custom permission classes used in the expanded policy check in embodiment two of the present invention;
Fig. 7 is an example diagram of calling the custom permission classes to realize the expanded policy check in embodiment two of the present invention;
Fig. 8 is a structural diagram of the Java security verification device in a PaaS system in an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
The following description and drawings illustrate specific embodiments of the invention sufficiently to enable those skilled in the art to practice them. Other embodiments may incorporate structural, logical, electrical, process and other changes. The embodiments represent possible variations only. Unless explicitly required, individual components and functions are optional, and the order of operations may vary. Portions and features of some embodiments may be included in or substituted for those of other embodiments. The scope of the embodiments of the invention includes the entire scope of the claims and all available equivalents of the claims. Herein, these embodiments of the invention may be referred to individually or collectively by the term "invention" merely for convenience, and without intending to limit the scope of this application to any single invention or inventive concept if more than one is in fact disclosed.
In order to solve the problems in the prior-art Java security verification process that different security policies cannot be configured flexibly and the extensibility of the security check is poor, the embodiment of the present invention provides a Java security verification method in a PaaS system. The method achieves flexible configuration of security verification through an expanded policy file, giving the security verification policy good extensibility.
Embodiment one
The Java security verification method in a PaaS system provided by the embodiment of the present invention has the flow shown in Fig. 2 and the logic shown in Fig. 3, and comprises the following steps:
Step S101: when a file to be operated on needs to be operated on, judge whether a security manager is configured.
The security manager is the entrance of the security check; therefore, when a file to be operated on is to be operated on, it is first judged whether a security manager is configured, i.e. whether a security check needs to be performed.
For example, as shown in Fig. 3, a file-read operation is executed and then the security manager (SecurityManager) stage is entered.
Step S102: if a security manager is configured, obtain the original policy file and the expanded policy file.
The access controller is enabled, and the call stack information of the current execution thread is obtained through the access controller context; each class in the call stack is checked in turn, the authorization function in the protection domain of that class is called, and the original policy file and the expanded policy file are obtained. The expanded policy file is updated and modified as the security policy changes.
The expanded policy file can be modified and updated according to security policy requirements, including adding a security policy, deleting a security policy, changing a security policy, and so on.
For example, as shown in Fig. 3, the access controller context (AcessControllerContext) is executed to obtain the call stack information of the current execution thread, such as com.sina.sae.test.Reader, com.sina.sae.test.TestFile, java.lang.Thread, etc.
Step S103: according to the permission item list in the original policy file and the permission item list in the expanded policy file, perform the original policy permission check and the expanded policy permission check on the file to be operated on.
The permission item list in the original policy file and the permission item list in the expanded policy file are obtained, and permission checks are performed item by item according to the obtained permission lists. When the file to be operated on is checked item by item, the checks may follow a certain rule or policy, for example permission level from high to low, or some other rule or policy.
Optionally, the process of performing the original policy permission check and the expanded policy permission check on the file to be operated on may comprise:
obtaining the permission item list in the original policy file and the permission item list in the expanded policy file; dividing the permission item lists by role, and creating different permission level lists for permissions of different levels; for the file to be operated on, obtaining the permission level list according to its corresponding role, and performing permission checks in order of permission level.
For example, as shown in Fig. 3, the Policy check (original) and the Policy check (expanded) are executed.
Step S104: when all permission items pass the check, confirm that the security verification of the file to be operated on passes.
Only when all permission items pass the check is the security verification of the file to be operated on considered passed; as soon as any one check fails, an error is reported and an exception is thrown.
The policy files in the above embodiment comprise the original policy file and the expanded policy file, and a policy file contains keystore entries and grant entries. Specifically:
A keystore is a database holding private keys and their associated digital certificates (for example X.509 certificate chains that authenticate the corresponding public keys). The keystore specified in the policy file is used to look up the public keys of the signers named in the grant entries of that file. If any grant entry specifies a signer alias, the policy file must contain a keystore entry. It may appear anywhere in the file outside the grant entries. Its syntax is as follows:
keystore "some_keystore_url", "keystore_type";
Here "some_keystore_url" specifies the URL location of the keystore and "keystore_type" specifies the type of the keystore. The URL is relative to the location of the policy file. Therefore, if the policy file is named in the security properties file as follows:
policy.url.1=http://foo.bar.com/fum/some.policy
and the policy file contains the following entry:
keystore ".keystore";
then the keystore will be loaded from the following location:
http://foo.bar.com/fum/.keystore
The URL may also be an absolute URL.
As for grant entries, the code that is run usually comes from a certain "code source", represented by an object of type CodeSource. A code source comprises not only the source location (URL) of the code, but also a reference to the certificate(s) containing the public key(s) corresponding to the private key(s) used to sign the code. The certificates in a code source are referenced by symbolic aliases in the user's keystore.
Each grant entry therefore contains one or more "permission items", preceded by optional codeBase and signedBy name/value pairs that specify the code to which the permissions are granted. The fields of a grant entry are as follows:
The signedBy value is the alias of a certificate stored in the keystore. The public key in that certificate is used to verify the digital signature on the code; the user can grant permissions to code signed by the private key corresponding to the public key in the keystore entry specified by this alias. The signedBy value can be a comma-separated list of aliases, for example "Adam,Eve,Charles", meaning "signed by Adam, Eve and Charles"; the relation between them is AND, not OR. More precisely, "code signed by Adam" means "code in a class file contained in a jar file that was signed using the private key corresponding to the public key of the keystore entry with alias Adam". The signedBy field is optional: omitting it means "any signer", i.e. it does not matter whether the code is signed or by whom.
The codeBase value indicates the code source location; the user can grant permissions to code from this location. An empty codeBase entry means "any code"; it does not matter where the code comes from.
grant {
    permission java.io.FilePermission "/data0/test/-", "read";
};
The code above means that any code has "read" permission on all files under the /data0/test/ directory.
grant codeBase "file:${jetty.home}/lib/-" {
    permission java.io.FilePermission "/etc/-", "read";
};
The code above means that only the jar files under the lib directory of the jetty root (jetty.home) have read permission on all files under the /etc/ directory.
Embodiment two
The embodiment of the present invention provides a concrete implementation example of Java security verification in a PaaS system; its flow is shown in Fig. 4 and comprises the following steps:
Step S201: start the flow of operating on the file to be operated on.
Step S202: judge whether a security manager is configured.
If so, execute step S203; if not, execute step S211.
In Java, the security policy check starts from the security manager. The code contains a security manager verification part; whether the corresponding permission is checked depends on whether a security manager is configured. If none is configured, no check is performed and reads by anyone pass.
The usual way for an ordinary application to start the security manager is:
java -Djava.security.manager -Djava.security.policy=someURL SomeApp
The first -D enables the security manager, the second parameter is the location of the policy file, and the last argument, SomeApp, is the name of the application.
If a web server (such as jetty) is started, the following form is used:
java -jar start.jar OPTIONS=Server,jsp,deploy,rewrite,policy,ext /usr/local/jetty/etc/jetty-policy.xml
The logic by which a web server executes the security manager is the same as for an ordinary application.
During the internal execution logic of the security manager, the access controller (AccessController) is called, which ultimately calls AccessControllerContext to perform the permission check.
Step S203: perform the operation permission check on the file to be operated on.
If a security manager is configured, the first security check is entered. The security manager part is the entrance of the security check, and the granularity of the check here is relatively coarse: for any check event it simply passes or does not pass, there is no distinction between roles, and only some global checks can be done here. When the operation permission of the file to be operated on is checked, the operation permission may include at least one of the read permission, the invoke permission, and so on.
For example: all users have read permission for reading the system data "com.sina.sae.testproperty".
Code that calls native functions (the Java virtual machine calling C and C++) is unsafe in a PaaS environment and is in general rarely needed, so it is forbidden for every user (whether a web server or an ordinary application), and the security manager throws an exception directly.
Step S204: does the operation permission check pass?
If so, execute step S205 and enter the process of obtaining the policy files; if not, execute step S212.
Step S205: obtain the original policy file and the expanded policy file.
The operation permission check of the security manager is the first, coarse-grained access check. When this check passes, a further permission check is entered. The permission check is realized by the check policy in the policy files, so the policy files must be obtained; the expanded policy file makes it possible to flexibly configure, change, add and delete the permission items of the check policy in the security policy.
Step S206: enable the access controller, and obtain the call stack information of the current execution thread through the access controller context.
Step S207: check each class in the call stack in turn, call the authorization function in the protection domain of the class, and obtain the original policy file and the expanded policy file.
Steps S206 and S207 realize obtaining the original policy file and the expanded policy file. AccessControlContext obtains the call stack information of the current execution thread; each class in the call stack is then checked in turn, and the implies() function of the class's protection domain (ProtectionDomain) is called. This triggers the policy class (PolicyFile by default), and the policy can be expanded at this point. The original policy (PolicyFile) is retained alongside the expansion, so that the previous security check scheme stays compatible. When the policy is loaded at virtual machine or web server startup, the policy files (the original one and the expanded one) are read, the expanded policy and the original policy are created, and permissions in the old format are loaded into the original policy set.
Step S208: obtain the permission item list in the original policy file and the permission item list in the expanded policy file.
Both the original policy file and the expanded policy file contain some permission items, and the item-by-item permission check is realized according to these permission items.
Step S209: perform the original policy permission check and the expanded policy permission check on the file to be operated on.
The permission check process goes through the permission items one by one. Many checking orders are possible, as long as every item is checked; the concrete order in which the permission items are checked may follow a certain rule or may be random.
Steps S208 and S209 realize performing the original policy permission check and the expanded policy permission check on the file to be operated on according to the permission item list in the original policy file and the permission item list in the expanded policy file.
Step S210: do all permission items pass the check?
If so, execute step S211; if not, execute step S212.
Step S211: operate on the file to be operated on.
When all permission items pass the check, it is confirmed that the security verification of the file to be operated on passes.
Step S212: terminate the operation on the file to be operated on.
The Java security verification method provided by embodiment two of the present invention can be configured according to the authorization policy after the policy file is modified, for example as follows (the previous format remains compatible, as described later):
Originally there was only a whitelist mechanism; this is now changed to a choice between whitelist and blacklist.
Role indicates which roles this permission applies to; if it is empty, this column indicates that the role is null.
0-255 is the level of the permission: 0 is the lowest and 255 the highest. Higher-priority permissions are checked first; the default is 0.
skip indicates that after this permission check passes, the subsequent stack checks are skipped; by default it is not set.
Type is the permission type, comprising static permission, dynamic permission, and check count.
static: static permission (the default).
dynamic: dynamic permission (dynamic permissions do not appear in the configuration file; they are added while the program runs). A dynamically added permission follows the same form as a permission defined in the policy file:
whitelist/blacklist [role] [0-255] [skip] dynamic
permission_class_name "action" signedBy "signer_names";
In an extreme case, all permissions can be made dynamic and added to the policy permission list dynamically while the program runs.
check_times=[number]: after the check has been performed this many times, this permission check is no longer performed; the number should be less than 2 to the power 31 minus 1 (2147483647).
permission_class_name "action" signedBy "signer_names" has the same logic as before the expansion. permission_class_name is a custom permission class, which should inherit from java.security.Permission. The "action" that follows is required and represents the operation to be performed; a concrete operation (optional) may follow the action, such as read, write, delete or execute, meaning that during this action the file is read, written, deleted or executed.
Custom permission classes can be extended arbitrarily without restriction. However, the JDK permission wrapper (JDKPermission) must be included; it is used to carry the JDK's original permissions, so as to ensure compatibility with the original security check.
As shown in Figure 5, for realizing the exemplary plot of expanding policy inspection in the present embodiment according to role.Calling graph before policy expansion in Fig. 5 please refer to Fig. 3.The policy of expansion divides authority (role's set) by role's subregion.And create different Permission Levels lists for the authority of different brackets, when some scope checks call policy, suitable role can be found according to role's set of authority; Permission Levels list is obtained again, the high-grade authority of preferential execution after finding suitable role, if any one scope check is made mistakes, throw exception, the scope check after stopping.
Such as: for any authority p, if p is white list and can not find corresponding authority in the role, permissions list of correspondence, then think that current entitlement is not verified; Otherwise be verified.Code definition white list below, role is test, Permission Levels are 0, skip subsequent examination, just do not reexamine for 3rd time when checking that number of times is 2, authority class is com.sina.sae.permission.SaeSocketPermission, and class name only creates self-defining class as required as in demonstration reality,, be then verified when the permission match from self-defined authority and definition imported into time.Example code is as follows:
whitelist test 0 skip check_times=2 com.sina.sae.permission.SaeSocketPermission "*;*","connected";
Another example: for any permission r, if r is governed by a blacklist and no matching permission is found in the permission list of the corresponding role, the current permission is verified; otherwise verification fails. The entry below (which omits the role, check count, skip flag and so on) means that when the custom permission passed in matches the configured permission, the current verification fails and an exception is thrown:
blacklist com.sina.sae.permission.SaeFilePermission "/data0/test/test.log","read";
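The two entries above, parsed and then evaluated per role and level, as an added example rather than code from the patent. The permission class names and the two policy lines are taken from this page; the entry grammar, the class ExtendedPolicyEntries with its parse and check methods, the "highest level first, first match decides" rule and the third (higher-level) entry are my reading of the description and are constructed for the demonstration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Parser and role-scoped evaluator for extended policy entries (illustrative). Assumed grammar:
 *   (whitelist|blacklist) [role] [level] [skip] [check_times=N] permission_class "name","actions" [signedBy "..."];
 */
public class ExtendedPolicyEntries {

    static final class Entry {
        final boolean blacklist;
        final String role;            // null: the entry applies to every role
        final int level;              // higher levels are consulted first
        final boolean skip;
        final int checkTimes;         // -1: unlimited
        final String permClass, name, actions;

        Entry(boolean blacklist, String role, int level, boolean skip, int checkTimes,
              String permClass, String name, String actions) {
            this.blacklist = blacklist; this.role = role; this.level = level; this.skip = skip;
            this.checkTimes = checkTimes; this.permClass = permClass; this.name = name; this.actions = actions;
        }

        /** Name segments are split on ';' and '*' matches a whole segment; actions are '*' or a comma list. */
        boolean matches(String cls, String n, String action) {
            if (!permClass.equals(cls)) return false;
            String[] want = name.split(";", -1), got = n.split(";", -1);
            if (want.length != got.length) return false;
            for (int i = 0; i < want.length; i++)
                if (!want[i].equals("*") && !want[i].equals(got[i])) return false;
            return actions.equals("*") || Arrays.asList(actions.split(",")).contains(action);
        }
    }

    // A token is a double-quoted string or a bare word; ',' and ';' are separators.
    private static final Pattern TOKEN = Pattern.compile("\"([^\"]*)\"|([^\\s,;\"]+)");

    static Entry parse(String line) {
        List<String> bare = new ArrayList<>(), quoted = new ArrayList<>();
        Matcher m = TOKEN.matcher(line);
        while (m.find()) {
            if (m.group(1) != null) quoted.add(m.group(1)); else bare.add(m.group(2));
        }
        if (bare.isEmpty() || quoted.size() < 2) throw new IllegalArgumentException("malformed entry: " + line);
        String kind = bare.get(0).equals("whilelist") ? "whitelist" : bare.get(0); // spelling seen in the listings
        if (!kind.equals("whitelist") && !kind.equals("blacklist"))
            throw new IllegalArgumentException("unknown entry type: " + kind);
        String role = null, permClass = null;
        int level = 0, checkTimes = -1;
        boolean skip = false;
        for (String t : bare.subList(1, bare.size())) {
            if (t.equals("signedBy")) break;                 // signer names are not modelled here
            if (t.contains(".")) permClass = t;              // the only dotted bare token is the class name
            else if (t.equals("skip")) skip = true;
            else if (t.startsWith("check_times=")) checkTimes = Integer.parseInt(t.substring("check_times=".length()));
            else if (t.matches("\\d+")) level = Integer.parseInt(t);
            else role = t;
        }
        if (permClass == null) throw new IllegalArgumentException("no permission class: " + line);
        return new Entry(kind.equals("blacklist"), role, level, skip, checkTimes, permClass, quoted.get(0), quoted.get(1));
    }

    /**
     * Role-scoped check. Entries for the role (or for all roles) are consulted highest level first and the first
     * match decides: blacklist denies, whitelist allows. Without a match, a permission class that has whitelist
     * entries is denied; a class the extended policy never mentions is allowed here, so the original policy decides.
     */
    static boolean check(List<Entry> entries, String role, String cls, String name, String action) {
        List<Entry> scoped = new ArrayList<>();
        for (Entry e : entries) if (e.role == null || e.role.equals(role)) scoped.add(e);
        scoped.sort((a, b) -> Integer.compare(b.level, a.level));
        boolean governed = false;
        for (Entry e : scoped) {
            if (e.matches(cls, name, action)) return !e.blacklist;
            if (!e.blacklist && e.permClass.equals(cls)) governed = true;
        }
        return !governed;
    }

    public static void main(String[] args) {
        List<Entry> policy = new ArrayList<>();
        policy.add(parse("whitelist test 0 skip check_times=2 com.sina.sae.permission.SaeSocketPermission \"*;*\",\"connected\";"));
        policy.add(parse("blacklist com.sina.sae.permission.SaeFilePermission \"/data0/test/test.log\",\"read\";"));
        // Constructed: a level-5 blacklist for one host overrides the level-0 whitelist of the same role.
        policy.add(parse("blacklist test 5 com.sina.sae.permission.SaeSocketPermission \"10.0.0.9;*\",\"connected\";"));

        String sock = "com.sina.sae.permission.SaeSocketPermission", file = "com.sina.sae.permission.SaeFilePermission";
        System.out.println(check(policy, "test", sock, "10.0.0.5;80", "connected"));      // true: whitelist match
        System.out.println(check(policy, "test", sock, "10.0.0.9;80", "connected"));      // false: level-5 blacklist wins
        System.out.println(check(policy, "test", sock, "10.0.0.5;80", "listen"));         // false: governed, no match
        System.out.println(check(policy, "test", file, "/data0/test/test.log", "read"));  // false: blacklist
        System.out.println(check(policy, "test", file, "/data0/test/other.log", "read")); // true: not mentioned
    }
}
```

The skip and check_times fields are parsed but not acted on here; they only matter once the check is run per stack frame, which is a separate concern from deciding whether an entry matches.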
Note that dynamic permissions can only be added by the administrator role, and that dynamically added permissions may come from a database or from other hosts on the network. Dynamic addition exists only for convenience: the source of an added permission and the permission itself must be validated, because dynamically adding an incorrect permission may open a security problem in the system.
In the above method the entry point of the permission check, the security manager, wraps the permission classes shipped with the JDK by default, and all extended permission classes extend java.security.Permission.
For the detailed execution steps of Figure 6 see Figure 3. The extended security manager creates custom Permission classes for all operations, such as SaeFilePermission and SaeSocketPermission, and at the same time wraps the JDK's own permissions: the FilePermission, RuntimePermission and so on shipped with the JDK are wrapped in a JDKPermission class.
When the Policy check executes, a custom Permission is passed in. If the current Permission object is a JDKPermission, it is unwrapped to obtain the original JDK Permission, for example a FilePermission, which is handed to the original policy for checking; if it is an extended custom Permission, it is handed to the extended Policy for checking.
Figure 6 only shows an example of the custom permission class within the expanded policy check; Figure 7 shows how a custom permission class implements the expanded policy check: for a custom Permission both the expanded Policy check and the original Policy check are performed, so the original policy check and the expanded policy check are both realised.
Skip-subsequent-check logic: when the policy check reaches a custom Permission that is defined with skip and that check passes, the check returns immediately and the classes further up the call stack are not examined. In Figure 7, for example, the stack is checked from the bottom up, so java.lang.Thread is checked first and com.sina.sae.test.TestFile second; once the second entry passes, the classes above it are no longer checked. Example entry (omitting the trailing signedBy part):
whitelist test 0 skip check_times=10 com.sina.sae.permission.SaePropertyPermission "test","read";
Checking only a limited number of times: if the Permission of the second class in the stack, com.sina.sae.test.TestFile, is defined to be checked only 10 times (inclusive), then on the 11th execution that Permission is no longer re-checked and passes, but the class above it in the stack, com.sina.sae.test.Reader, still has to be checked. If skip is defined together with the check count, then after com.sina.sae.test.TestFile has been checked 10 times, the 11th check skips all of the remaining check logic and returns success directly.
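The wrapping, unwrapping and skip / check_times behaviour described above, as an added example and not the patent's own code. JDKPermission, SaeFilePermission and the three class names in the stack come from the page; Rule, ExtendedPolicy, Outcome, checkFrame and the representation of the call stack as a bottom-up list of class names are simplifications made for the demonstration (a real check entry point takes the ProtectionDomain of each frame from the access-control context). One caveat a practitioner needs: java.security.Policy and SecurityManager have been deprecated for removal since Java 17 (JEP 411) and the SecurityManager is permanently disabled from JDK 24 (JEP 486), so the mechanism on this page only works on older runtimes.

```java
import java.io.FilePermission;
import java.security.*;
import java.util.*;

/** Extended Policy that unwraps JDK permissions and applies skip / check_times per stack frame (illustrative). */
public class ExtendedPolicyDemo {

    /** Carries an original JDK permission (FilePermission, RuntimePermission, ...) through the extended check path. */
    static final class JDKPermission extends Permission {
        final Permission inner;
        JDKPermission(Permission inner) { super(inner.getName()); this.inner = inner; }
        @Override public boolean implies(Permission p) { return p instanceof JDKPermission && inner.implies(((JDKPermission) p).inner); }
        @Override public boolean equals(Object o) { return o instanceof JDKPermission && inner.equals(((JDKPermission) o).inner); }
        @Override public int hashCode() { return inner.hashCode(); }
        @Override public String getActions() { return inner.getActions(); }
    }

    /** Custom PaaS permission: the name is a path, the actions a comma list (read, write, delete, execute). */
    static final class SaeFilePermission extends Permission {
        final String actions;
        SaeFilePermission(String path, String actions) { super(path); this.actions = actions; }
        @Override public boolean implies(Permission p) {
            return p instanceof SaeFilePermission && getName().equals(p.getName())
                && Arrays.asList(actions.split(",")).containsAll(Arrays.asList(p.getActions().split(",")));
        }
        @Override public boolean equals(Object o) {
            return o instanceof SaeFilePermission && getName().equals(((Permission) o).getName()) && actions.equals(((Permission) o).getActions());
        }
        @Override public int hashCode() { return getName().hashCode() ^ actions.hashCode(); }
        @Override public String getActions() { return actions; }
    }

    /** One extended grant: bound to one class (null: any class), with the skip and check_times modifiers (-1: unlimited). */
    static final class Rule {
        final String forClass; final Permission granted; final boolean skip; final int checkTimes;
        Rule(String forClass, Permission granted, boolean skip, int checkTimes) {
            this.forClass = forClass; this.granted = granted; this.skip = skip; this.checkTimes = checkTimes;
        }
    }

    enum Outcome { DENY, ALLOW, ALLOW_SKIP_REST }

    static final class ExtendedPolicy extends Policy {
        private final Policy original;
        private final List<Rule> rules;
        private final Map<String, Integer> checks = new HashMap<>();   // "class|permission" -> times checked

        ExtendedPolicy(Policy original, List<Rule> rules) { this.original = original; this.rules = rules; }

        /** A JDKPermission is unwrapped and handed to the original Policy; anything else is an extended permission. */
        @Override public boolean implies(ProtectionDomain pd, Permission p) {
            if (p instanceof JDKPermission) return original.implies(pd, ((JDKPermission) p).inner);
            for (Rule r : rules) if (r.granted.implies(p)) return true;
            return false;
        }

        /** Checks one class of the stack; a rule bound to that class wins over a general rule for the same permission type. */
        Outcome checkFrame(String className, ProtectionDomain pd, Permission p) {
            if (p instanceof JDKPermission) return implies(pd, p) ? Outcome.ALLOW : Outcome.DENY;
            Rule rule = null;
            for (Rule r : rules) {
                if (r.granted.getClass() != p.getClass()) continue;
                if (className.equals(r.forClass)) { rule = r; break; }
                if (r.forClass == null && rule == null) rule = r;
            }
            if (rule == null) return Outcome.DENY;
            int n = checks.merge(className + "|" + p, 1, Integer::sum);
            // check_times exhausted: this class is not re-evaluated and passes; with skip, the frames above are not checked either.
            if (rule.checkTimes >= 0 && n > rule.checkTimes) return rule.skip ? Outcome.ALLOW_SKIP_REST : Outcome.ALLOW;
            if (!rule.granted.implies(p)) return Outcome.DENY;
            return rule.skip ? Outcome.ALLOW_SKIP_REST : Outcome.ALLOW;
        }
    }

    /** Walks the stack from the bottom (java.lang.Thread) upwards; returns the classes that were actually checked. */
    static List<String> checkStack(ExtendedPolicy policy, List<String> bottomUp, Permission p) {
        List<String> checked = new ArrayList<>();
        for (String cls : bottomUp) {
            checked.add(cls);
            Outcome o = policy.checkFrame(cls, null, p);
            if (o == Outcome.DENY) throw new SecurityException("denied at " + cls + ": " + p);
            if (o == Outcome.ALLOW_SKIP_REST) break;           // skip: the classes above are not checked
        }
        return checked;
    }

    public static void main(String[] args) {
        Policy original = new Policy() {                       // stand-in for the unexpanded policy
            final Permissions granted = new Permissions();
            { granted.add(new FilePermission("/tmp/-", "read")); }
            @Override public boolean implies(ProtectionDomain pd, Permission p) { return granted.implies(p); }
        };
        Permission logRead = new SaeFilePermission("/data0/test/test.log", "read");
        ExtendedPolicy policy = new ExtendedPolicy(original, Arrays.asList(
            new Rule(null, logRead, false, -1),                        // every class may read the log
            new Rule("com.sina.sae.test.TestFile", logRead, true, 2))); // TestFile: skip, evaluated at most twice
        System.out.println(policy.implies(null, new JDKPermission(new FilePermission("/tmp/a", "read"))));  // true
        List<String> stack = Arrays.asList("java.lang.Thread", "com.sina.sae.test.TestFile", "com.sina.sae.test.Reader");
        for (int i = 1; i <= 3; i++)                            // Reader is never reached; call 3 is not re-evaluated
            System.out.println("call " + i + " checked " + checkStack(policy, stack, logRead));
        try {
            checkStack(policy, stack, new SaeFilePermission("/data0/test/test.log", "write"));
        } catch (SecurityException e) {
            System.out.println(e.getMessage());                 // denied at java.lang.Thread
        }
    }
}
```

The check counter is keyed on class and permission, so exhausting check_times for TestFile does not relax the check for Reader; that matches the description, where only the class whose count is exhausted stops being re-evaluated.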
Based on the same inventive concept, the embodiment of the invention also provides a Java security verification device in a PaaS system. Its structure, shown in Figure 8, comprises a judging module 801, an acquisition module 802 and a verification module 803.
The judging module 801 is used to judge, when an operation is to be performed on a file to be operated on, whether a security manager is configured.
The acquisition module 802 is used to obtain the original policy file and the expanded policy file if a security manager is configured.
The verification module 803 is used to perform the original policy permission check and the expanded policy permission check on the file to be operated on, according to the permission item list in the original policy file and the permission item list in the expanded policy file, and to confirm that the security verification of the file passes when all permission items pass the check.
Preferably, the acquisition module 802 is specifically used to: enable the access controller and obtain the call stack information of the currently executing thread through the access controller context; check each class in the call stack in turn, call the authorization function in the protection domain of the class, and obtain the original policy file and the expanded policy file; the expanded policy file is updated and modified as the security policy changes.
Preferably, the permission items contained in the expanded policy file obtained by the acquisition module 802 are at least one of the following: static permission items and dynamic permission items.
Preferably, the verification module 803 is specifically used to: obtain the permission item list in the original policy file and the permission item list in the expanded policy file; partition the permission item lists by role and create a separate permission-level list for permissions of each level; and, for the file to be operated on, obtain the permission-level list according to its corresponding role and perform the permission checks in turn by permission level.
Preferably, the Java security verification device further comprises:
a checking module 804, used to check the operation permission on the file to be operated on when a security manager is configured, and, when the operation permission check passes, to perform the step of obtaining the original policy file and the expanded policy file.
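The acquisition step of module 802 (walk the call stack of the current thread, take each class's protection domain and call its authorization function) on a real thread stack, as an added example that is not the patent's code. StackWalker, Class.getProtectionDomain and ProtectionDomain.implies are standard JDK APIs (StackWalker since Java 9); the class name StackDomainCheck, the method firstDenyingClass and the PropertyPermission used as the probe are assumptions for the demonstration, and the bottom-up order of the walk follows the description on this page.

```java
import java.security.Permission;
import java.security.ProtectionDomain;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.PropertyPermission;
import java.util.stream.Collectors;

/** Walks the current thread's stack and runs each frame's ProtectionDomain through a permission check. */
public class StackDomainCheck {

    // RETAIN_CLASS_REFERENCE is what makes StackFrame.getDeclaringClass() available.
    static final StackWalker WALKER = StackWalker.getInstance(StackWalker.Option.RETAIN_CLASS_REFERENCE);

    /** Classes on the current stack, innermost frame first, as the check entry point sees them. */
    static List<Class<?>> callStack() {
        return WALKER.walk(frames -> frames.map(StackWalker.StackFrame::getDeclaringClass)
                                           .collect(Collectors.toList()));
    }

    /** Checks every class from the bottom of the stack upwards; returns the first class whose domain denies, or null. */
    static Class<?> firstDenyingClass(List<Class<?>> topDown, Permission p) {
        List<Class<?>> bottomUp = new ArrayList<>(topDown);
        Collections.reverse(bottomUp);
        for (Class<?> c : bottomUp) {
            ProtectionDomain pd = c.getProtectionDomain();   // the class's protection domain
            if (pd != null && !pd.implies(p)) return c;       // its authorization function consults the Policy
        }
        return null;
    }

    public static void main(String[] args) {
        Permission probe = new PropertyPermission("java.version", "read");   // constructed probe permission
        Class<?> denier = firstDenyingClass(callStack(), probe);
        System.out.println(denier == null ? "every domain implies " + probe : "denied by " + denier.getName());
    }
}
```

Bootstrap classes such as java.lang.Thread carry a domain with AllPermission, so on a stack that a sandboxed application class sits on top of, the application class is the one this walk reports when the installed policy does not grant the probed permission.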
With the Java security verification method and device in a PaaS system provided by the embodiments of the invention, the existing scheme is extended mainly in the security manager and in the policy verification part, so that security verification policies can be configured flexibly by extending the security policy and further extensions on the level of security verification policy become possible.
Unless specifically stated otherwise, terms such as processing, computing, calculating, determining, displaying and the like refer to actions and/or processes of one or more processing or computing systems or similar devices that manipulate data represented as physical (e.g. electronic) quantities within the registers or memory of the processing system and transform it into other data similarly represented as physical quantities within the memory, registers or other information storage, transmission or display devices of the processing system. Information and signals may be represented using any of a variety of different technologies and techniques. For example, data, instructions, commands, information, signals, bits, symbols and chips referred to throughout the description may be represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof.
It should be understood that the specific order or hierarchy of steps in the disclosed processes is an example of illustrative approaches. Based on design preferences, the specific order or hierarchy of steps in a process may be rearranged without departing from the scope of the disclosure. The appended method claims present the elements of the various steps in a sample order and are not meant to be limited to the specific order or hierarchy presented.
In the above detailed description, various features are grouped together in a single embodiment to simplify the disclosure. This method of disclosure should not be interpreted as reflecting an intention that the claimed embodiments require more features than are expressly recited in each claim. Rather, as the appended claims reflect, the invention lies in less than all features of a single disclosed embodiment. The appended claims are therefore hereby incorporated into the detailed description, with each claim standing on its own as a separate preferred embodiment of the invention.
Those skilled in the art will further appreciate that the various illustrative blocks, modules, circuits and algorithm steps described in connection with the embodiments herein may be implemented as electronic hardware, computer software or a combination of both. To clearly illustrate this interchangeability of hardware and software, the various illustrative components, blocks, modules, circuits and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or as software depends on the particular application and the design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the disclosure.
The various illustrative logical blocks, modules and circuits described in connection with the embodiments herein may be implemented or performed with a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general purpose processor may be a microprocessor, but alternatively the processor may be any conventional processor, controller, microcontroller or state machine. A processor may also be implemented as a combination of computing devices, for example a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors together with a DSP core, or any other such configuration.
The steps of a method or algorithm described in connection with the embodiments herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor so that the processor can read information from, and write information to, the storage medium. Alternatively the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. Alternatively, the processor and the storage medium may reside as discrete components in a user terminal.
The above description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. The disclosure is therefore not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed in this application.
For a software implementation, the techniques described in this application may be implemented with modules (e.g. procedures, functions and so on) that perform the functions described herein. The software code may be stored in memory units and executed by processors. The memory unit may be implemented within the processor or external to the processor, in which case it is communicatively coupled to the processor via various means, as is known in the art.
Furthermore, the various aspects or features described herein may be implemented as a method, apparatus or article of manufacture using standard programming and/or engineering techniques. The term "article of manufacture" as used herein is intended to encompass a computer program accessible from any computer-readable device, carrier or medium. For example, computer-readable media may include, but are not limited to, magnetic storage devices (e.g. hard disks, floppy disks, magnetic tape), optical disks (e.g. compact discs (CD), digital versatile discs (DVD)), smart cards and flash memory devices (e.g. EPROM, cards, sticks, key drives). Additionally, the various storage media described herein represent one or more devices and/or other machine-readable media for storing information. The term "machine-readable medium" includes, without limitation, wireless channels and various other media capable of storing, containing and/or carrying instructions and/or data.
The description above includes examples of one or more embodiments. It is of course impossible to describe every conceivable combination of components or methods for the purpose of describing the above embodiments, but one of ordinary skill in the art will recognise that the embodiments admit many further combinations and permutations. Accordingly, the embodiments described herein are intended to embrace all such alterations, modifications and variations that fall within the scope of the appended claims. Furthermore, to the extent that the term "includes" is used in either the description or the claims, it is intended to be inclusive in a manner similar to the term "comprising", as "comprising" is interpreted when employed as a transitional word in a claim. Likewise, the term "or" as used in either the description or the claims is intended to mean an inclusive "or".
The above embodiments further describe the objects, technical solutions and advantages of the invention in detail. It should be understood that the above are only specific embodiments of the invention and are not intended to limit the scope of protection of the invention; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall be included within the scope of protection of the invention.

Claims (10)

1. A Java security verification method in a PaaS system, characterized in that it comprises:
when an operation is to be performed on a file to be operated on, judging whether a security manager is configured;
if a security manager is configured, obtaining an original policy file and an expanded policy file;
according to the permission item list in the original policy file and the permission item list in the expanded policy file, performing an original policy permission check and an expanded policy permission check on the file to be operated on, and confirming that the security verification of the file to be operated on passes when all permission items pass the check.
2. The method of claim 1, characterized in that obtaining the original policy file and the expanded policy file specifically comprises:
enabling the access controller and obtaining the call stack information of the currently executing thread through the access controller context;
checking each class in the call stack in turn, calling the authorization function in the protection domain of said class, and obtaining the original policy file and the expanded policy file; said expanded policy file is updated and modified as the security policy changes.
3. The method of claim 1, characterized in that the permission items contained in said expanded policy file are at least one of the following: static permission items and dynamic permission items.
4. The method of claim 1, characterized in that performing the original policy permission check and the expanded policy permission check on the file to be operated on, according to the permission item list in the original policy file and the permission item list in the expanded policy file, specifically comprises:
obtaining the permission item list in the original policy file and the permission item list in the expanded policy file;
partitioning the permission item lists by role, and creating a separate permission-level list for permissions of each level;
for the file to be operated on, obtaining the permission-level list according to its corresponding role, and performing the permission checks in turn by permission level.
5. The method of any one of claims 1 to 4, characterized in that it further comprises:
if a security manager is configured, checking the operation permission on the file to be operated on, and when the operation permission check passes, performing said step of obtaining the original policy file and the expanded policy file.
6. A Java security verification device in a PaaS system, characterized in that it comprises:
a judging module, used to judge, when an operation is to be performed on a file to be operated on, whether a security manager is configured;
an acquisition module, used to obtain an original policy file and an expanded policy file if a security manager is configured;
a verification module, used to perform an original policy permission check and an expanded policy permission check on the file to be operated on, according to the permission item list in the original policy file and the permission item list in the expanded policy file, and to confirm that the security verification of the file to be operated on passes when all permission items pass the check.
7. The device of claim 6, characterized in that said acquisition module is specifically used to:
enable the access controller and obtain the call stack information of the currently executing thread through the access controller context;
check each class in the call stack in turn, call the authorization function in the protection domain of said class, and obtain the original policy file and the expanded policy file; said expanded policy file is updated and modified as the security policy changes.
8. The device of claim 6, characterized in that said acquisition module is specifically used such that:
the permission items contained in the obtained expanded policy file are at least one of the following: static permission items and dynamic permission items.
9. The device of claim 6, characterized in that said verification module is specifically used to:
obtain the permission item list in the original policy file and the permission item list in the expanded policy file;
partition the permission item lists by role, and create a separate permission-level list for permissions of each level;
for the file to be operated on, obtain the permission-level list according to its corresponding role, and perform the permission checks in turn by permission level.
10. The device of claim 6, characterized in that it further comprises:
a checking module, used to check the operation permission on the file to be operated on when a security manager is configured, and, when the operation permission check passes, to perform said step of obtaining the original policy file and the expanded policy file.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510484902.1A CN105072111A (en) 2015-08-07 2015-08-07 Method and device for java security verification in PaaS system


Publications (1)

Publication Number Publication Date
CN105072111A true CN105072111A (en) 2015-11-18

Family

ID=54501391


Country Status (1)

Country Link
CN (1) CN105072111A (en)


Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102663321A (en) * 2012-04-24 2012-09-12 百度在线网络技术(北京)有限公司 Security enhancement system and method for software
CN102955915A (en) * 2011-08-23 2013-03-06 中国移动通信集团公司 Method and device for controlling safety access to Java applications


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
DIETER GOLLMANN: "《计算机安全学 原书第2版》", 30 April 2008, 北京:机械工业出版社 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106778239A (en) * 2015-11-24 2017-05-31 阿里巴巴集团控股有限公司 Method and device for improving Java sandbox securities
CN106778239B (en) * 2015-11-24 2019-10-29 阿里巴巴集团控股有限公司 For improving the method and device of Java sandbox safety
CN106909420A (en) * 2017-02-16 2017-06-30 杭州迪普科技股份有限公司 A kind of file introduction method and device
CN106909420B (en) * 2017-02-16 2020-04-03 杭州迪普科技股份有限公司 File import method and device
CN108769124A (en) * 2018-04-28 2018-11-06 Oppo广东移动通信有限公司 Application dispositions method, device, server and the storage medium of PaaS platform
CN108769124B (en) * 2018-04-28 2021-04-27 Oppo广东移动通信有限公司 Application deployment method, device, server and storage medium of PaaS platform


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20151118