GlassFish V3.2 Security One Pager

(template version 1.92)

1. Introduction

This One Pager discusses the new security features planned for GlassFish V3.2.

1.1. Project/Component Working Name:

GlassFish V3.2 Security.

1.2. Name(s) and e-mail address of Document Author(s)/Supplier:

Kumar Jayanti, Nithya Subramanian

E-mail: kumarjayanti@java.net, nitkal@java.net

1.3. Date of This Document:

13/04/2011

2. Project Summary

2.1. Project Description:

This One Pager discusses the new security features planned for GlassFish V3.2. Bug fixes carried over from previous releases and any new bugs classified for V3.2 are not part of this document; they are tracked directly in JIRA.

See below for a longer, more detailed technical description.

2.2. Risks and Assumptions:

No currently known risks

3. Problem Summary

3.1. Problem Area:

The task list, with details on each task and effort estimates, is being tracked here.

Of the tasks in that list, only the following problem areas warrant a detailed description in this One Pager:

1. Introduction of a CertStore (Certificate Store) in GlassFish. This requirement comes from a particular Metro Security use case.

2. Initialize AuditManager as a Startup Service.

3. Enhance the existing LDAP Realm, or define a new LDAP Realm, to handle failover (among a list of replicas/backups) and possibly support a Split-LDAP, both of which were asked for by GlassFish developers, and to address one other issue that developers pointed out with the current LDAPRealm.

3.2. Justification:

Security is part of core GlassFish.

4. Technical Description:

4.1. Details:

4.2. Bug/RFE Number(s):

1. CertStore in GlassFish

2. AuditManager and Modules as Startup Service

3. LDAP Realm Enhancement

4.3. In Scope:

4.4. Out of Scope:

4.5. Interfaces:

No change from 3.1.

4.5.1 Public Interfaces

1. A possible Base Interface which end users would not need to use. Please see details here: AuditManager and Modules as Startup Service

2. A new LDAP Realm that will be usable by developers. This will appear only if we decide not to add the proposed enhancements to the existing LDAPRealm in GlassFish. Please see details here: LDAP Realm Enhancement

4.5.2 Private Interfaces

4.5.3 Deprecated/Removed Interfaces:

None

4.6. Doc Impact:

The LDAP Realm Enhancement, if made part of the GlassFish V3.2 codebase, will need to be documented.

4.7. Admin/Config Impact:

There is no Admin GUI/CLI impact for these features. If a new LDAP Realm is introduced into GlassFish, the impact will be handled by augmenting the CLI (handled by the Security Team) to list an additional PreDefined Realm.

The Config impact of the CertStore feature is discussed in detail here: CertStore in GlassFish

4.8. HA Impact:

None.

4.9. I18N/L10N Impact:

None

4.10. Packaging, Delivery & Upgrade:

4.10.1. Packaging

None

4.10.2. Delivery

None

4.10.3. Upgrade and Migration:

None

4.11. Security Impact:

We are fixing a few issues in the GF Security implementation.

4.12. Compatibility Impact

None

4.13. Dependencies:

4.13.1 Internal Dependencies

The dependency on the Config module for the CertStore features is discussed here: CertStore in GlassFish

4.13.2 External Dependencies

The JDK LDAP Login Module might be used as part of the LDAP Realm Enhancement (http://download.oracle.com/javase/6/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/LdapLoginModule.html).

4.14. Testing Impact:

Tests exist for the AuditManager improvement. New tests will be written for the CertStore feature (in Metro) and LDAPRealm.

5. Reference Documents:

6. Schedule:

The RFEs filed indicate the milestones at which the features will be available.

6.1. Projected Availability: