Java Enterprise Multilevel Access “JEEMA” Web Portal
In partial fulfillment of the requirements for a Masters of Science, Computer Science
Presented by Patrick D. Cook
for Dr. Edward Chow, Dr. Charlie Shub, Dr. Jugal Kalita
Outline
• Project goals
• Background
• JEEMA
• Performance
• Reliability
• Lessons Learned
• Conclusion
• Demo
Patrick Cook
JEEMA
2
Project Goals
• Can a single sign-on realize multilevel security?
• Investigate Portlet Technology, in particular Java Specification Request (JSR) 168, to determine if it would facilitate sharing data at different security levels
• Avert the information flow problem, i.e. use a single sign-on to access multiple levels of classified resources without compromising the multilevel security policy.
Background
Related work, Rationale, Design decisions
Related Work
• Portals, Portlets and IPC
– Michelle Osborne (2006)
– Rebecca Twigg (2006)
• Single Sign-on
– Yale University
– UCCS
Rationale and Relevance
• The events of September 11, 2001, which spawned the 9/11 Commission's report
• Hurricanes Katrina and Rita in 2005
• Personal experiences
– Military United States Army Battle Staff
– Lockheed Martin Integrated Systems and Solutions
– Raytheon Intelligence and Information Systems
J2EE vs. .NET
• When it comes to building distributed web applications whose components interoperate seamlessly in a platform-neutral way, there are two leading technologies competing for your vote: J2EE and .NET (pronounced “dot NET”).
.NET
• .NET is a Microsoft centric approach that runs on Windows platforms but does not fully comply with other operating systems.
• .NET is still in its infancy with respect to Java and has not reached its “tipping” point with many vendors.
J2EE
• J2EE is a platform-independent solution that uses the Java programming language and provides support for major operating systems
• J2EE is widely supported amongst major vendors
• W.O.R.M
– Write once run many times
J2EE Application Servers
• BEA WebLogic
• IBM WebSphere
• SunOne Portal Server
• JBoss
Java Portals
• A Java portal is a J2EE conformant technology which aggregates resources from disparate systems into a common operating environment over the web. It generally allows individualized customization, facilitates single sign-on authentication and is designed to run on multiple platforms [JSR168].
Portlets
• Portlets are web components that generate dynamic content in an autonomous fashion. The autonomy is generated by markup fragments such as HTML, XHTML, or XML, but the aggregation of the fragments is managed by a portlet container.
Portlet Container
• In general, a container is software that provides “out of the box” services which developers can leverage for initialization, creation, and deletion, as well as resource and dependency management [JBOSSP].
JSR 168
• Java Specification Request 168, originally released in October 2003, provides the blueprint for developing portal components.
• Portlet Application Program Interface (API)
– Portlet
– PortletConfig
– GenericPortlet
JEEMA
Java Enterprise Edition Multilevel Access Web Portal
What is JEEMA?
• JEEMA, Java Enterprise Edition Multilevel Access, is an acronym for a Java 2 Enterprise Edition (J2EE) compliant web portal that champions portlet technology to facilitate single sign-on authentication to access resources with multiple security levels
• JEEMA is based on the Java 2 Platform, Standard Edition, which adheres to the Java programming language and libraries
JEEMA implementation of SSO
• WebLogic Portal Administration
– http://128.198.61.179:7001/portalAppAdmin/
JEEMA implementation of IPC
• Java Messaging Service APIs
• Uses the “listenTo” attribute in establishing interportlet communications.
• Whenever a portlet is added to a portal, it creates an “instance”; this instance has an instance label which other portlets listen to
Client Request
JSP
    <body>
        <netui:form action="getMessage">
            <netui:textBox dataSource="text"/>
            <netui:button>Submit</netui:button>
        </netui:form>
    </body>
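TopSecretController.jpf
    /**
     * Page flow action for the form in the JSP: publishes the submitted
     * text, then forwards back to topSecret.jsp.
     *
     * @jpf:action
     * @jpf:forward name="simpleForm" path="topSecret.jsp"
     */
    protected Forward getMessage( Form form )
    {
        // Text submitted from the JSP form.
        String message = form.getText();
        try
        {
            // Hand the message to the publisher (JMS settings on the next slide).
            publisher.writeMessage(message);
        }
        catch(Exception e)
        {
            // A failed publish is only printed; the user is still forwarded.
            e.printStackTrace();
        }
        return new Forward( "simpleForm" );
    }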
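JMS
    import javax.naming.InitialContext;

    // JNDI context used to look up the JMS connection factory and topic.
    private InitialContext jndi = null;
    // JNDI name of the topic the messages are published to.
    private String TOPIC = "jmsTopic";
    // WebLogic JNDI initial context factory class.
    private String JNDI_CONNECTION_FACTORY
        = "weblogic.jndi.WLInitialContextFactory";
    // JNDI name of the WebLogic JMS connection factory.
    private String JMS_CONNECTION_FACTORY
        = "weblogic.jms.ConnectionFactory";
    // WebLogic server URL (t3 protocol, local server on port 7001).
    private String APPLICATION_PROVIDER_URL
        = "t3://localhost:7001";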
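The "listenTo" wiring described above delivers a message to every portlet that listens to an instance label, so delivery is one place where the multilevel policy can be checked. The following Java model is an added example, not JEEMA code from the presentation: the level names, the class LabeledPortletBus, its methods, the instance labels and the no-flow-down rule are all assumptions used to illustrate the information flow problem named in the project goals.

```java
import java.util.*;

// Added example: in-memory model of "listenTo" delivery with a label check.
// Level names, class and method names are assumptions, not JEEMA code.
public class LabeledPortletBus {
    enum Level { UNCLASSIFIED, SECRET, TOP_SECRET }

    // A portlet instance: its instance label and the level of data it handles.
    record Portlet(String instanceLabel, Level level, List<String> inbox) {
        Portlet(String instanceLabel, Level level) {
            this(instanceLabel, level, new ArrayList<>());
        }
    }

    private final Map<String, Portlet> portlets = new HashMap<>();
    // publisher instance label -> instance labels that declared listenTo on it
    private final Map<String, Set<String>> listeners = new HashMap<>();

    void add(Portlet p) { portlets.put(p.instanceLabel(), p); }
    void listenTo(String listener, String publisher) {
        listeners.computeIfAbsent(publisher, k -> new LinkedHashSet<>()).add(listener);
    }

    // Deliver only when data flows to an equal or higher level and the
    // signed-on user's clearance dominates the listener's level.
    // Returns the instance labels that actually received the message.
    List<String> publish(String publisher, String msg, Level userClearance) {
        Portlet src = portlets.get(publisher);
        if (src == null || userClearance.compareTo(src.level()) < 0) return List.of();
        List<String> delivered = new ArrayList<>();
        for (String label : listeners.getOrDefault(publisher, Set.of())) {
            Portlet dst = portlets.get(label);
            if (dst == null) continue;
            boolean flowsUp = dst.level().compareTo(src.level()) >= 0;
            boolean cleared = userClearance.compareTo(dst.level()) >= 0;
            if (flowsUp && cleared) { dst.inbox().add(msg); delivered.add(label); }
        }
        return delivered;
    }

    public static void main(String[] args) {
        LabeledPortletBus bus = new LabeledPortletBus();
        bus.add(new Portlet("secret_1", Level.SECRET));       // constructed sample labels
        bus.add(new Portlet("topSecret_1", Level.TOP_SECRET));
        bus.add(new Portlet("unclass_1", Level.UNCLASSIFIED));
        bus.listenTo("topSecret_1", "secret_1");  // flow up: permitted by the rule
        bus.listenTo("unclass_1", "secret_1");    // flow down: refused by the rule
        System.out.println(bus.publish("secret_1", "report", Level.TOP_SECRET));
        System.out.println(bus.publish("secret_1", "report", Level.SECRET));
    }
}
```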
Performance
System Specifications, Testbed Specifications, Results
System Specifications
• Microsoft Windows XP
– Professional Version 2002
– Service Pack 2
• Internet Explorer 6.0.2900.2180.xpsp.050622-1524
• BEA WebLogic Workshop
– Version 8.1.5
– Build 2005.0921.20042
JEEMA Test bed Specifications
• Dell Optiplex GX620
– Intel (R) Pentium (R) CPU 3.20GHz, 3.19 GHz
– 3.50 GB of RAM
– Physical Address Extension
Performance
• The portlets contained the same content, but their number was doubled for each iteration (i.e. 4 portlets, 8 portlets, 16 portlets…, 64 portlets).
[Figure: IPC Performance. x-axis: number of portlets; y-axis: time (milliseconds); fitted curve y = -0.0691x^2 + 21.537x - 27.569, R^2 = 0.9905]
JEEMA Reliability
• The reliability of the system, R(m), is measured in terms of its ability to deliver reliable messages to its recipients as portlets increase within a web portal.
• This can be defined mathematically as R(m) = p/m, where p is equal to the number of reliable messages and m is the total number of messages.
Lessons Learned
• The challenges related to remote development (“The virtual team”)
• Black Box Coding
• Implementing JMS on SunOne and JBoss
– JNDI
– “Asynchronous” Communication
Future Work
• Integration with WSRP 2.0
• Use XACML Decision Points
• Asynchronous Java and XML (AJAX) methodologies
Conclusion
• A single sign-on can realize multilevel security
• The technology is not mature enough in its current form for an enterprise solution that is used for National Security
• It does provide a stepping stone toward upward mobility in MLS solutions
Questions
Backup
• Control Tree
• JMS Configuration