Proposal of the Project

idiotcanvasΑσφάλεια

17 Νοε 2013 (πριν από 3 χρόνια και 9 μήνες)

100 εμφανίσεις


1

Proposal of the Project


Title of Project: Research and develop on JAVA Security Framework

Members:

Goal

and Objective:

Recently JAVA developer mainly use
to
the security
framework
to

enforce the security of products. Until now
,

the JAAS
was

the most
popular security framework and now the Apache
SHRIO

comes out to cover the
shortcoming of JAAS

and giving some beneficial aspect
s

for developer
. Also
Spring
security f
ramework has the secu
rity modules for
authentication and
access
-
control framework.

Even if the there are several java security framework,
people hasn’t known which security frameworks are suitable for their product.
Choosing the best framework during designing the architecture

is very important.
In this research, we will come up with the shortcoming and benefits of each
security framework and
offer users valuable information when they find out the
security framework with demo program.


Proposed approach
:

-

Study of the various
security framework

specification document
s

and
i
dentify
features of those frameworks.

o

JAAS(
Java Authentication and Authorization Service
)

o

Apache SHRIO

o

Spring Securit
y Framework

o

others

-

Case study: search and study products which adapted those security
framework

o

JBoss

o

Apache Felix
&

other Versions

o

others

-

Come up with vulnerabilities of each
security
framework and suggest the
solution to avoid it.

o

JAAS(
Java Authentication and Authorization Service
)

o

Apache SHRIO


2

o

Spring Security Framework

o

others

-

Implements demo programs using those frameworks

and
compare with each
secu
rity framework.


Proposed method for evaluation

-

Does the research have the useful information for developer
s

who
are
going
to choose
one of
security framework
.

-

How accurate
run

the demo program.


Time plan

-

Phase 1
:
22 Feb 2012


2 March

2012
-

Study of the technologies underlying
java Security Frameworks
specification document
and
i
dentify features of
those frameworks.

-

Phase 2
:
3 March
2012


9
M
arch
2012


Case study: search and study
products which adapted those security framework

-

Phase 3
:
12 March
2012


23 March

2012


Come up with vulnerabilities of
each security framework and suggest the solution to avoid it.

-

Phase 4
:
26 March
2012


20

April

2012


Implements demo programs using
those frameworks and compare with each security framework

in terms of
security.

-

Phase
5
:

2
3

April

2012


27

April

2012


Arrange the output and prepare
the presentation.


Resource:


Apache Shiro 1.2.0
(
http://shiro.apache.org/index.html
)


http://meri
-
stuff.blogspot.com/2011/03/apache
-
shiro
-
part
-
1
-
basics.html


http://docs.oracle.com/javase/1.4.2/docs/guide/security/jaas/JAASRefGuide.html


http://static.springsource.org/spring
-
security/site/


http://www.raistudies.com/spring
-
security
-
tutorial
-
acegi/


https://
community.jboss.org/wiki/JBossSX


Supplements
:


3

Apache Shiro
:

this

is a

Java security framework that offers developers an intuitive yet
comprehensive solution to authentication, authorization, cryptography, and session
management.

JAAS
:
the goal of this sec
urity framework is to offer both
authentication
and
authorization
of users
in order
to reliably and securely determine who is currently
executing Java code

and

to
ensure they have the access control rights

Spring security framework
:

This is
Java
/
Java EE

framework that
offers
authentication
,
authorization

and other security features for enterprise applications



Signature of Student






Signature of Supervisor

Date
:





Date: