GlassFish - World's first Java EE 7 Application Server


GlassFish Server Open Source Edition 3.1 - Security One Pager

1. Introduction

1.1. Project/Component Working Name:

GlassFish Server Open Source Edition 3.1 Security

1.2. Name(s) and e-mail address of Document Author(s)/Supplier:

Kumar Jayanti (vbkumar.jayanti@sun.com)

1.3. Date of This Document:

05/21/2010

2. Project Summary

2.1. Project Description:

GlassFish V3.1 Security.

2.2. Risks and Assumptions:

3. Problem Summary

3.1. Problem Area:

Security module in V3.1 would address the following high-level problems.

1. Security in Cluster Mode
2. Integration of Oracle Access Manager (OAM) with GlassFish V3 via JSR-196
3. Glassfish3.1(Metro2.1)Interoperability with OWSM (Oracle WebServices Manager)
4. Restructuring of CSIv2 code to align with the ORB layer changes planned
5. New Features and BugFixes in the core security framework of GlassFish V3.1
6. WebLogic Deployment Descriptor Support

3.2. Justification:

Clustering support is a release driver for V3.1. Support for Oracle Access Manager and WebLogic Deployment Descriptor is considered strategic.

The ORB team has proposed a restructuring of the ORB code with a view to unify the different execution paths within the ORB and specifically with respect to CSIv2, so the corresponding code in security module that handles security for IIOP requests will need to be restructured to align with the ORB changes.

The new features and bug-fixes are intended to improve the overall security, remove some limitations that existed in earlier releases and enhance the feature set of GlassFish Security.

4. Technical Description:

4.1. Details:

The details of the problem-areas described in 3.1 above are as follows.

4.1.1 Security in Cluster Mode

Security in Cluster Mode is discussed in detail in the 3.1ClusteringSecurity Design

4.1.2 Integration of Oracle AccessManager (OAM)

The design work for Oracle AccessManager integration is in progress and more details about the initial proposed design can be accessed here.

4.1.3 Interoperability with OWSM

This task is about demonstrating interoperability with Oracle Webservice Manager (OWSM). The Interop Scenarios have been defined by Oracle Product Management and mostly involve invoking the Metro Webservices Security Component with various configurations of the Oracle/WLS/OWSM stack.

The work is being tracked here.

4.1.4 Restructuring of CSIv2 code to align with planned ORB changes

Product Management for V3 had mentioned their opinon that customers use IIOP internally in a second or third tier architecture, so CSIv2 FOLB can be dropped from the GF 3.1 release. The ORB team however has proposed a restructring of the ORB code w.r.t CSIv2 because it has the potential to clean up and simplify the ORB <->GF interface, and this is important to the ORB team both for sustaining support and for things like properly handling isLocal() (CR:6919275). The restructuring would focus on the ORB-related parts of CSIv2 so that the ORB is more directly handling the CSIv2 service contexts
and tagged component. This will make is easier to unify the handling of secure and non-secure IIOP failover, and also lay a foundation for migrating to Grizzly for the ORB transport. The goal is that using CSIv2 from the ORB should be done simply by passing some new policies into the EJB POAs when they are created.

In addition an issue in GlassFish V2.X that has come to notice of V3 development team on 5/6/2010 (CR :6913736) seems to suggest that there is a potential design flaw in the ConnectionContext related classes being used by the CSIv2 Interceptors.

The primary focus of CSIv2 work then is :

1. coordinate with ORB team on restructing CSIv2 code between ORB and GF, this should also eventually fix CR:6919275
2. Fix issue CR :6913736

Additional details on planned ORB changes w.r.t CSIv2 can be found here

4.1.5 New Features and BugFixes in GlassFish V3.1 Security

The following new security related features and bugfixes are planned for GlassFish V3.1.

1. Enhanced security of the GF MasterPassword
2. Cleanup universal grants in server.policy
3. Extend Certificate realm to allow custom validation and group assignment based on the recieved client certificate in an SSL Mutual Authentcation.
4. Finalize the support for PAM Realm in V3.1. This will allow secure apps deployed on V3.1 to authenticate its users against the native Solaris/Linux users list.
5. Use of Tubes in GlassFish instead of Pipes for supporting Asychrony.
6. Making DevTests or a subset of it work in Embedded Mode
7. Localization and Message ID's of INFO Logs
8. Module imported/exported packages cleanup

These features are being tracked in the V3.1Security Wiki along with Milestone assignment and other details.

More details of the above 8 features are below.

4.1.5.1 Enhanced security of the GF MasterPassword

GlassFish V2.x and GlassFish V3.0 provide access to the MasterPassword of the server via sytem properties javax.net.ssl.keyStorePassword and javax.net.ssl.trustStorePassword. The syntax of the Java Permissions does not support exceptions and the current permissions in the server.policy file allow read, write of all properties.

This is a problem since this means any deployed application can access the GF MasterPassword.

There are two solutions possible :
1. In the Custom Security Manager make access control checks for specific access to these Properties using a permission that is not granted to deployed applications.
2. Remove dependency on these properties.

We are following approach (2) and have restructured code in Admin and Security Modules that deal with this. The final piece is to fix how Grizzly gets this information securely. There is also a JarSigner usage in AppClient that expects a password from the SecuritySupport SPI which needs to be changed.

4.1.5.2 Cleanup Universal grants in Server.policy

This work will look at the server.policy and cleanup grants to applications and untrusted code. The grants that exist today for all applications are as follows :

//(1)Loading MBeans from anywhere, to take care of side effects of 6235678.
grant {
    permission javax.management.MBeanTrustPermission "register" ;
};

//(2) Basic set of required permissions granted to all remaining code
grant {
    //Workaround for bugs #6484935, 6513799
    permission java.lang.RuntimePermission "getProtectionDomain";
    permission com.sun.corba.ee.impl.presentation.rmi.DynamicAccessPermission "access";
    permission java.util.PropertyPermission "*", "read,write";

    permission java.lang.RuntimePermission  "loadLibrary.*";
    permission java.lang.RuntimePermission  "queuePrintJob";
    permission java.net.SocketPermission    "*", "connect";
    permission java.io.FilePermission       "<<ALL FILES>>", "read,write";

        // work-around for pointbase bug 4864405      
        permission java.io.FilePermission "${com.sun.aas.instanceRoot}${/}lib${/}databases${/}-", "delete";
        permission java.io.FilePermission "${java.io.tmpdir}${/}-", "delete";

    permission java.util.PropertyPermission "*", "read";

    permission java.lang.RuntimePermission    "modifyThreadGroup";
    permission java.lang.RuntimePermission    "getClassLoader";
    permission java.lang.RuntimePermission    "setContextClassLoader";
    permission javax.management.MBeanPermission "[com.sun.messaging.jms.*:*]", "*"; 
};


// (3) Following grant block is only required by Connectors. If Connectors
// are not in use the recommendation is to remove this grant.
grant {
        permission javax.security.auth.PrivateCredentialPermission "javax.resource.spi.security.PasswordCredential * \"*\"","read";
};

//(4) Following grant block is only required for Reflection. If Reflection
// is not in use the recommendation is to remove this section.
grant {
    permission java.lang.RuntimePermission "accessDeclaredMembers";
};

//(5) Permissions to invoke CORBA objects in server
grant {
    permission com.sun.enterprise.security.CORBAObjectPermission "*", "*";
};

A few permissions in (2) and permission (3) are the primary focus of this task.

The GlassFish Security Review has recommended that a Security Guide be produced which documents the application's security mechanisms and outlines how to install and manage the application securely. GlassFish Product management has defined 3.1 as the target release for the Guide. Documentation on what components/frameworks would be affected when any of the 5 grants are removed/altered would be part of the Security Guide. This would allow GlassFish administrator to better secure the instance and applications running on it.

1. The Permissions in (2) allow all applications to read and write all properties and read and write all files on the FileSystem.

permission java.util.PropertyPermission "*", "read,write";
 permission java.io.FilePermission       "<<ALL FILES\>>", "read,write";

The permission to read and write ALL FILES can be problematic, since a malicious application can then try and fill the disk. Ofcourse OS level permissions can still be used to prevent the Glassfish user-account from doing anything like that.

This situation can be improved by removing the universal grant and having the ClassLoader assign default read and write permissions to only the application's install directory (context-root). Any application which needs to read and write additional directories will then have to be explicitly allowed such permission(s) by adding additional grants inside server.policy for the codebase of the application.

2. The permission in (3) defines a PrivateCredentialPermission for the credential class "javax.resource.spi.security.PasswordCredential". Again we need to investigate here if the ClassLoader can do this only for applications that need this permission.

4.1.5.2.1 ClassLoader Enhancements Proposed

4.1.5.2.1.1 What Exists Today

The ClassLoader(s) in GF are setting a ProtectionDomain for the class. There are two parts to a ProtectionDomain, the CodeSource and the PermissionCollection. The CodeSource inturn consists of a URL and an array of Certificates/CodeSigners.

1. The CodeSource URL for classes loaded is being set correctly, however the Certificate/Signer information is null.
2. The static PermissionCollection that is being assigned seems to be simply a default FilePermission (allowed by Java) which allows a "read" of the particular class file. However the ProtectionDomain being created is such that the permissions granted to this domain are dynamic; they include both the static permissions passed to constructor, and any permissions granted to this domain by the current Policy at the time a permission is checked.

4.1.5.2.1.2 What Can be Improved

1. The Static PermissionCollection being passed to the ProtectionDomain can give a recursive read+write permission to the entire application context-root directory (eg. /root/..../domain1/applications/my-web-app)

2. The CodeSource is being created with null Certificates/CodeSigner. This one is probably more difficult. This enhancement is applicable to Application archives which were Signed by the developer/deployer. For an unsigned Application Archive this improvement will be a NOP.

Enhancement (1) will allow us to remove the default universal grant in server.policy which exists today, which allows any-app to read/write the entire filesystem (Note OS level protection may still prevent this to happen). So the end result of this enhancement is that, by default an application will be allowed to only read and write its own installed application directory and no-where-else. Any extra read/write's that the app needs to do will have to be explicitly configured in server.policy, specifying its codesource. This seems easy to fix, by having appropriate code in overridden getPermissions method of the ClassLoader.

  • protected PermissionCollection getPermissions(CodeSource codeSource) {}

Enhancement (2) would allow us to have Signer Based Policy Administration. In server.policy today we can only have policy administration based on codebase (URL) of the applications. But by making this enhancement we can express things like allow all code Signed by XXX the following set of Permissions (...).

The proposal was discussed with ClassLoader team and it was agreed that (1) can be fixed in GF 3.1 timeframe whereas (2) above might need some experimentation.

For (2) we need the ability to verify and assign code signers while loading the bytes of the exploded application archive (that was signed) files. Solving this problem at least partially boils down to dealing with the case when WebAppClassLoader#readEntryData is called with a null value for jarEntry. One approach would be to provide an implementation of JarEntry#getPeerCertificates that works directly off the exploded archive. If (2) can be achieved then it can be a differentiator for GlassFish.

4.1.5.3 Certificate Realm Extension

GlassFish users have often wanted to do custom validation of the Client Certificate in an SSL Mutual Authentication Scenario and do custom group assignment based on certains attributes and extensions in the Certificate. GlassFish V3.1 will provide the ability to do this.

The solution implemented is to allow a JAAS LoginModule to be configured for the CertificateRealm in GlassFish. More details are here

A convenient abstract base class for Certificate LoginModule has been introduced. The user's LoginModule may now extend com.sun.appserv.security.AppservCertificateLoginModule. The user now has to implement only the authenticateUser method and call the commitUserAuthentication method to signify success. However it is not necessary that the Certificate LoginModule has to extend the convenience base class (it can be a pure JAAS LoginModule instead). The package com.sun.appserv.security is the legacy Public API package for GlassFish since Appserver 8.x, where the original abstract base class for LoginModules (AppservPasswordLoginModule) exits.

4.1.5.3.1 Admin Impact

The Admin GUI needs to allow configuration of JAAS LoginModules for the CertificateRealm.

4.1.5.4 PAM Realm

This New Feature subsumes and extends what we had in terms of SolarisRealm. It will allow secure apps deployed on V3.1 to authenticate its users against native Unix (Solaris/Linux/Mac) users list.

New Public classes com.sun.enterprise.security.auth.realm.pam.PamRealm.java, and com.sun.enterprise.security.auth.login.PamLoginModule.java are being introduced for this task. Developers do not directly call API methods on them, instead these classes get mentioned in the Realm configuration in domain.xml and JAAS configuration (login.conf) respectively. The package used for the new public classes follow the same package prefix and naming convention as the other existing Realm's and LoginModules.

Like the Solaris Realm, the PAM Realm also does not work for Windows OS.

4.1.5.4.1 Admin Impact

The Admin GUI needs to show the PAM Realm as another configurable Realm for applications. And the Default JAAS_CONTEXT property for it should be set to PAMLoginModule. The CLI also needs to allow configuration of this realm and the CLI help page for create-auth-realm needs to be updated to list the PAM realm.

4.1.5.5 Replace GlassFish Security Pipes with Tubes

This task pertains to replacing the GlassFish Security Pipes with Tubes to support Asynchrony in WebService Execution. The Tubes have been implemented but not enabled.

4.1.5.5.1 Risk

Tubes require special handling by the Tube implementation to deal with ThreadLocals and GF-Security uses ThreadLocal(s) for a few set of things and we need make sure we are not breaking basic functionality here. There is an effort do define a new Tubes.next API that would be suitable for a full-featured support of asynchronous server side processing, addressable clients, as well as other requirements from WLS team. This is however not targeted for the GFv3.1 timeframe.

The intergration SPI for integration of GlassFish WebServices Security with the WebServices stack has been changing many times from

  • JAXRPC->JAXWS1.X(SystemHandlerDelegate)>JAXW2.X(Pipes)>JAXWS2.X(Tubes)->Tubes.Next in GF3.2?

Besides, the API (com.sun.xml.ws.api.pipe.FiberContextSwitchInterceptor) defined to deal with ThreadLocal's has not been used so far in any of the known Tube implementations that exist today in GlassFish/Metro.

4.1.5.6 DevTests in Embedded Mode

The Security DevTests do not run in Embedded Mode and there is a need to make atleast a subset of them run in Embedded mode.

4.1.5.7 Localization and Message ID's for INFO Logs

For V3.1 it appears that even INFO logs need to be localized with a proper Message ID. More details are [ here |GlassFishV3LoggingMessageFormat]

4.1.5.8 Cleanup of imported, exported packages from Security Modules

There is a need to clean up the imported and exported packages for Security Module based on general guidelines defined here

4.1.6 WebLogic Deployment Descriptor Support

The overall WebLogic Deployment Descriptor support work is being tracked here . Based on the initial analysis of relevance and effort the following things would be considered for support in Security module in GlassFish V3.1.

Element Name Effort Level (low/medium/high/unknown) Priority Glassfish Corresponding Element (if applicable) Comments  
security-role-assignment:role-name low P3 security-role-mapping:role-name in sun-web.xml SECURITY
security-role-assignment:principal-name low P3 security-role-mapping:principal-name in sun-web.xml SECURITY
security-permission medium P3   SECURITY
servlet-descriptor low P3   We will implement run-as-principal-name. But not init-as-principal-name, destroy-as-principal-name as we do not distinguish run-as for init and destroy. SECURITY. The dispatch-policy is a deprecated element in weblogic.xml

The security-permission feature in weblogic.xml allows Applications to bundle a single Java Policy grant {...} statement without any codebase and codesigner. The GlassFish Policy processing code would need to be enhanced to pick this additional grant. We may or maynot be able to support the security-permission element in GlassFish 3.1 since it requires enhancements and we were planning a more advanced feature here on the same lines (see SEC-009), but have marked it as P3 (would be taken up based on availability of time and resources).

The Weblogic servlet-descriptor element has the notions of principal names for init() and destroy() methods of the servlet. We plan to support only the run-as-principal-name and not the init-as-principal-name and destroy-as-principal-name.

4.2. Bug/RFE Number(s):

1. CR :6913736
2. 11995
3. 11996

More Bugs and RFE's for all the tasks to be Filed.

4.3. In Scope:

4.4. Out of Scope:

The full set of New Security Features are being tracked in the V3.1Security Wiki. However the features SEC-003, SEC-009 to SEC-012, SEC-014 which are P3/P4 in nature will be taken up if the team gets time to work on them (before the SCF). Otherwise these features would be deferred to a later release.

4.5. Interfaces:

Interfaces may be commands, files, directory structure, ports,
DTD/Schema, tools, APIs, CLIs, etc.
Note: In lieu of listing the interfaces in the one pager, providing
a link to another specification which defines the interfaces
is acceptable.

4.5.1 Public Interfaces

This list of Exported and Imported Interfaces in V3.1 is the same as V3. There are a few additions in the list of exported interfaces/classes detailed in sections 4.1.5.3 and 4.1.5.4 above.

4.5.2 Private Interfaces

The list of Private Interfaces in V3.1 are the same as those in V3

4.5.3 Deprecated/Removed Interfaces:

The following Interfaces/methods have been deprecated in V3.1 and new counterparts have been added for them. This is primarily done to deal with the issue that the original methods used Strings for storing Passwords whose values can only be removed by GarbageCollector. The new methods accept a char[] to facilitate clearing of collected password values; other than as a result of GC. 

1. trunk/v3/security/core/src/main/java/com/iplanet/ias/security/auth/login/PasswordLoginModule.java 

  Deprecated:
     public final AuthenticationStatus commitAuthentication(String username,
                                        String password,
                                        Realm theRealm,
                                        String[] groups)

Newly added:

     public final AuthenticationStatus commitAuthentication(String username,
                                        char[] password,
                                         Realm theRealm,
                                         String[] groups)

2. trunk/v3/security/core/src/main/java/com/sun/appserv/security/AppservPasswordLoginModule.java

    Deprecated:

     protected String _password;

     public String getPassword()


   Newly added:

      private char[] _passwd;

      protected char[] getPasswordChar()



3. trunk/v3/security/core/src/main/java/com/sun/appserv/security/AppservRealm.java

Deprecated:

    public  void addUser(String name, String password, String[] groupList)


    public void updateUser(String name, String newName, String password,
                           String[] groups)



Newly added:

    public  void addUser(String name, char[] password, String[] groupList)
    public void updateUser(String name, String newName, char[] password,
                            String[] groups)

4. trunk/v3/security/core/src/main/java/com/sun/appserv/security/ProgrammaticLogin.java


    Deprecated:

    public Boolean login(final String user, final String password,
       final String realm, boolean errors)

    public Boolean login(final String user, final String password)


    public Boolean login(final String user, final String password,
                         final String realm,
                         final HttpServletRequest request,
                         final HttpServletResponse response, boolean errors)
 
    public Boolean login(final String user, final String password,
                     final HttpServletRequest request,
                     final HttpServletResponse response)


Newly added:

    public Boolean login(final String user, final char[] password,
         final String realm, boolean errors)

    public Boolean login(final String user, final char[] password)

    public Boolean login(final String user, final char[] password,
                          final String realm,
                          final HttpServletRequest request,
                          final HttpServletResponse response, boolean errors)

    public Boolean login(final String user, final char[] password,
                          final HttpServletRequest request,
                          final HttpServletResponse response)


5. trunk/v3/security/core/src/main/java/com/sun/enterprise/security/auth/login/PasswordLoginModule.java

Deprecated:

 public abstract class PasswordLoginModule extends AppservPasswordLoginModule

 public final void commitAuthentication(String username,
                                         String password,
                                         Realm theRealm,

Newly added:

   public final void commitAuthentication(String username,
                                        char[] password,
                                        Realm theRealm,
                                        String[] groups)

6. trunk/v3/security/core/src/main/java/com/sun/enterprise/security/web/integration/WebPrincipal.java

Deprecated:
    public WebPrincipal(String user, String password,
                        SecurityContext context)

Newly added:
    public WebPrincipal(String user, char[] password,
                         SecurityContext context)

4.5.3.1 Removed Interfaces

There is a desire to change the protected access to member(s)

protected String _username;
protected String _password;

in AppservPasswordLoginModule to private access and introduce getter and setter methods. In addition the type of the _password should be changed to char[] instead of String. Doing this would break backward-compatibility of Custom-Realms defined by End-Users and it also likely to cause failures in SQE tests.

Currently we have just deprecated them and introduced new variants that just use getter and setter with private char[] for storing the password.

The other alternative is to introduce a new alternative base class which can serve as a replacement for AppservPasswordLoginModule where we have the correct access modifiers and data types. We could then deprecate AppservPasswordLoginModule class and make sure all the internal implementations of Realms in GlassFish make use of the new class.

4.5.3.1.1

The default-principal-password attribute in security-service is a legacy attribute which is unused in V3. Only the default-principal-name is used to initialize the Default Principal for the SecurityContext. This password attribute appears in the admin-gui and needs to be removed.

4.6. Doc Impact:

All the Proposed new features would need to be documented in the Glassfish Documentation Security Chapter. The Non-Standard API's which have been deprecated and their new variants/alternatives would also need to be documented See section for the list of deprecated API's and their replacements. Since no new Standard API's are being Exported there should be no impact to JavaEE 6 JavaDocs.

There is however one proposal sent to Servlet Expert Group which could result in a change to the JavaEE 6 Javadocs.

we should deprecate:

public void login(String username, String password) throws ServletException;

in favor of

public void login(String username, char[] password) throws ServletException;

to facilitate clearing of collected password values; other than as a result of GC.

There is text in "asadmin create-auth-realm --help" which talks about support for a non-existent property "clientAuth" for the CertificateRealm to enable client authentication for all apps. This needs to be removed if it is also present in the Docs (see 4.7 below).

4.7. Admin/Config Impact:

Admin GUI/CLI support will be required for the following :

1. LoginModule configuration for CertificateRealm
2. PAMRealm and PAMLoginModule configuration in GUI and CLI
3. The OAM integration work would produce a SAM (JSR-196 Server Authentication Module) that should be configurable at Global-Instance-Level and individual Application-Level. We may endup levaraging the existing message-security-config element under security-service (for which Admin GUI/CLI support exists today). But a little bit more investigation is needed to say what new support is required (if any)
4. CLI support in the form of an admin command to synchronize server.policy and login.conf from DAS to instances would be required. More details are here
5. The defaul-principal-password field appears under Admin GUI security-service. This should be removed as it is an unused filed (see section 4.5.3.1.1 above).
Bugs filed for the admin work are here. The buglist is not complete and will be completed soon.
6. There is text in "asadmin create-auth-realm --help" which talks about support for a non-existent property "clientAuth" for the CertificateRealm to enable client authentication for all apps. This needs to be removed. It is actually controlled by having an attribute "client-auth-enabled" set on the ssl child element of the protocol elements.

4.7.1 New CLI commands needed by Admin-GUI for its Rest Based Implementation

This requirement was communicated by the Admin GUI team to the security team.

1. Need to list out which group a user belongs to. This is getGroupNames (String realmName, String userName) method.

2. Need to know if a realm supports user management. This is supportsUserManagement(String realmName) method.

3. Get the list of predefined auth realm class. This is the getPredefinedAuthRealmClassNames() method.

4. There doesn't seem to be a way of using CLI to change a user password. The current CLI

Usage: asadmin [asadmin-utility-options] update-file-user [--groups <groups>]
    [--authrealmname <authrealmname>] [--target <target>]
    [-?|--help[=<help(default:false)>]] username

doesn't allow change of password. 
However, the man page says:   This subcommand updates an existing  entry  in  the  keyfile using the specified user name, password and groups.

4.8. HA Impact:

There is no HA impact of this proposal. The Clustering Impact is discussed above

4.9. I18N/L10N Impact:

None

4.10. Packaging, Delivery & Upgrade:

4.10.1. Packaging

The only new external dependency that this project introduces is libpam4j.

4.10.2. Delivery

None.

4.10.3. Upgrade and Migration:

There are no new requirements imposed on upgrade tool and migration tool other than those in V3. There is one small item for the upgrade tool which is that the server.policy file in V3.1 may be a little cleaned up w.r.t grants given to applications and untrusted code. See section above

4.11. Security Impact:

This proposal does rely on the Java Policy framework, but does not add any additional requirements than what is already part of Glassfish V2.

4.12. Compatibility Impact

Incompatible changes to interfaces that others expect to be stable may cause other parts of application server or
other dependent products to break.

Discuss changes to the imported or exported interfaces.Describe how an older version of the interface would
be handled.

4.13. Dependencies:

An internal dependency is a dependency on a project, module,
component or product that is within the GlassFish project.
An external dependency is a dependency on a project, component
or product that resides outside of the GlassFish project.

4.13.1 Internal Dependencies

The Security Module in GlassFish V3.1 depends on the following internal modules.

<groupId>org.glassfish.admin</groupId>
     <artifactId>config-api</artifactId>
     <version>${project.version}</version>

     <groupId>org.glassfish.deployment</groupId>
     <artifactId>dol</artifactId>
     <version>${project.version}</version>

     <groupId>org.glassfish.common</groupId>
     <artifactId>common-util</artifactId>
     <version>${project.version}</version>

     <groupId>org.glassfish.deployment</groupId>
     <artifactId>deployment-common</artifactId>
     <version>${project.version}</version>

     <groupId>org.glassfish.common</groupId>
     <artifactId>internal-api</artifactId>
     <version>${project.version}</version>

     <groupId>org.glassfish</groupId>
     <artifactId>javax.servlet</artifactId>
     <version>${project.version}</version>

     <groupId>org.glassfish.common</groupId>
     <artifactId>glassfish-api</artifactId>
     <version>${project.version}</version>

     <groupId>org.glassfish</groupId>
     <artifactId>javax.ejb</artifactId>
     <version>${project.version}</version>

     <groupId>org.glassfish.ejb</groupId>
     <artifactId>ejb-internal-api</artifactId>
     <version>${project.version}</version>

     <groupId>org.glassfish.connectors</groupId>
     <artifactId>connectors-internal-api</artifactId>
     <version>${project.version}</version>

     <groupId>org.glassfish.orb</groupId>
     <artifactId>orb-iiop</artifactId>
     <version>${project.version}</version>

     <groupId>org.glassfish.orb</groupId>
     <artifactId>orb-connector</artifactId>
     <version>${project.version}</version>

     <groupId>org.glassfish.core</groupId>
     <artifactId>kernel</artifactId>
     <version>${project.version}</version>
     
     <groupId>org.glassfish.deployment</groupId>      
     <artifactId>deployment-common</artifactId>
     <version>${project.version}</version>
      
     
     <groupId>org.glassfish.web</groupId>
     <artifactId>web-glue</artifactId>
     <version>${project.version}</version>
     
     <groupId>org.glassfish.webservices</groupId
     <artifactId>jsr109-impl</artifactId>
     <version>${project.version}</version>
     
     
     <groupId>org.glassfish.appclient</groupId>
     <artifactId>acc-config</artifactId>
     <version>${project.version}</version>
 
     <groupId>org.glassfish.web</groupId>
     <artifactId>web-core</artifactId>
     <version>${project.version}</version>

     <groupId>org.glassfish.web</groupId>
     <artifactId>war-util</artifactId>
     <version>${project.version}</version>

     <groupId>com.sun.grizzly</groupId>
     <artifactId>grizzly-utils</artifactId>

4.13.2 External Dependencies

The External Dependencies in GlassFish V3.1 Security Module are the same as in GlassFish V3, with one new addition. The PAMRealm support requires a new external dependency on libpam4j. The libpam4j is a java.net OpenSource project that uses MIT License.

The external dependencies in GlassFish V3 Security Module included HK2, the LDAP Booster Pack (ldapbp-repackaged.jar) from the JDK JNDI team, the libsolsparcauth.so and libsolx86auth.so files required by SolarisRealm which are produced from native code which is present in the V3 workspace, the management-api and GMBAL API, the following ORB API's

<groupId>com.sun.corba</groupId>
     <artifactId>glassfish-corba-csiv2-idl</artifactId>

     <groupId>com.sun.corba</groupId>
     <artifactId>glassfish-corba-omgapi</artifactId>

     <groupId>com.sun.corba</groupId>
     <artifactId>glassfish-corba-orb</artifactId>

and the following Metro (WebServices) API :

<groupId>com.sun.xml.ws</groupId>
     <artifactId>webservices-osgi</artifactId>
           
     <groupId>javax.xml</groupId>
     <artifactId>webservices-api-osgi</artifactId>
 
     <groupId>com.sun.xml.bind</groupId>
     <artifactId>jaxb-osgi</artifactId>tId>
            
     <groupId>javax.xml.bind</groupId>
     <artifactId>jaxb-api-osgi</artifactId>

These external dependencies, along with instructions on how to do source build for them are being tracked here.

4.14. Testing Impact:

New Tests will need to be written for all features which have been marked for QA hand-off. The development team would write Automated DevTests which will be used for the QA-HandOff procedure.

5. Reference Documents:

1. JSR 196 : http://jcp.org/en/jsr/detail-196
2. JSR 115 : http://jcp.org/aboutJava/communityprocess/maintenance/jsr115/index5.html
3. JSR 250 : http://jcp.org/en/jsr/detail-250
4. JSR 315 : http://jcp.org/en/jsr/detail-315
5. JSR 316 : http://jcp.org/en/jsr/detail-316
6. Security OnePager for GlassFish V3.0

6. Schedule:

6.1. Projected Availability:

The Milestone assignment and QA-Handoff dates are being tracked here.