Java Forum


Any solution on "Implementing a Security Partition"?

  Asked By: Norma    Date: Sep 05    Category: Java    Views: 631

There exists an enterprise-scale application in which adminNO1 should
be conducted through a specific server and other admins log in through
another server, in order to satisfy some security services.

Does anyone have any idea or experience of how to implement this?

I need something like this:

A security partition is a DCAM and associated managed servers that
use a CAM account that is different than other DCAMs and managed
servers in the same configuration group. Security partitioning can be
used to enable different administrator groups to manage different
resources within a single domain or across multiple domains. The
account used for the CAM account on the DCAM must have administrator
rights on the servers that it manages. You can have up to 10 security-
partitioned DCAMs within a single configuration group.

After adding a new DCAM using a security-partitioned CAM account,
remove all unnecessary domain administrators from the new DCAM and
the managed servers. This prevents unauthorized access to your
security-partitioned managed nodes. You should also maintain
different OnePointOp group memberships than the other DCAMs in the
configuration group.

You may see this here



5 Answers Found

Answer #1    Answered By: Pravat Jainukul     Answered On: Sep 05

Please explain the deployment environment of your application and
the technologies that you used for implementing your server and
client. For different platforms and different implementations, different
solutions and technologies may be used for implementing and managing security domains and policies.

Answer #2    Answered By: Rocco Anderson     Answered On: Sep 05

We use
IntelliJ IDEA 6.0

I hope it is useful to say:

There are some managements like admin, merchant, ... in the web layer and
now we want to run them separately on different servers.
1. We have some shared resources and files.
2. It is important to be careful about redundancy because a trivial
change may bring about changes to all managements' source code.

Answer #3    Answered By: Scott Simmons     Answered On: Sep 05

If you just want to put access limits on files and resources or services,
you do not need to deploy and run your application on different servers.
You can use JBoss security and login modules to put access limits on resources and services in both the web layer and the EJB layer. You can define and configure users and roles for your system and configure the resource access policy for web resources and components using the JBoss login module for the web layer. You can also do the same for services in the EJB layer and identify the services that each user, with a specified system role, can access and execute. If you have a constraint to run the system on different servers, you can use the EJB clustering that JBoss provides and configure a different security policy for each EJB server.
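
The role-based restriction of web resources described in Answer #3, as an added example that is not part of the original answer or of any project's own configuration. It is a standard servlet `web.xml` with declarative security; the URL patterns, the role names (taken from the "admin" and "merchant" managements mentioned in Answer #2) and the login page paths are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: WEB-INF/web.xml. URL patterns, role names and
     page paths are assumptions chosen for illustration. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">

  <!-- Admin pages: "admin" role only. No <http-method> is listed, so the
       constraint covers every HTTP method, not just GET and POST. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin management</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Merchant pages: "merchant" role only; holding "admin" does not grant access. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Merchant management</web-resource-name>
      <url-pattern>/merchant/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>merchant</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- The container authenticates; users and roles come from the JBoss login module
       bound in WEB-INF/jboss-web.xml via <security-domain> (name is deployment-specific). -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role><role-name>admin</role-name></security-role>
  <security-role><role-name>merchant</role-name></security-role>
</web-app>
```

The EJB layer is restricted separately, with `<method-permission>` entries in `ejb-jar.xml` that name the same roles.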

Answer #4    Answered By: Raju Srinivas     Answered On: Sep 05

Are you trying to cluster the app server or partition the system resources? Because what you ask is clustering, but the note you pasted at the end is about partitioning.

The answer to clustering is obvious, so I make an assumption that you want to do the latter (partitioning). I have a few suggestions:

1) One solution would be to use app server partitioning. This is bound to the functionality that your app server provides when partitioning the app server. Every partition is configured to have its own set of resources and security configuration. This seems to be a flexible solution.

2) However, depending on your deployment strategy, you might also want to use the OS capabilities. In Unix-based systems, you might consider 'zone' or 'rbac' and deploy the app server on different zones. That will give you the freedom of configuring zone-specific privileges, which would then be specific to the app server deployed on that zone.

3) Another thing that comes to mind is to do this on an LDAP server to dispatch the requests to the appropriate set of functionalities. But this means actually implementing the dispatcher for this on the LDAP server. This solution seems to be a bit exhaustive, but you might get the benefits of specific implementations of LDAP that have this built in.

Some might say to enlist privileges in the deployment desc, which I guess could be a bad idea because it might screw up the functionality flows and it is hard to control.

Answer #5    Answered By: Neil Turner     Answered On: Sep 05

I think repository engines will help you to achieve secured, partitioned, automatically version-controlled resources. All redundant documents and resources are traceable too. Jackrabbit, for example, is well known and rich in API.
