1. Field of the Invention
The present invention relates to the field of application security and more particularly to login authentication and authorization service integration.
2. Description of the Related Art
Application security refers to both authentication and authorization. Generally, application security aims to identify a user or computer attempting to execute functions within secure code and to ensure that the identified user or computer has the right to execute the functions as requested. In this context, authentication is the process of determining whether or not an entity is who or what it declares itself to be, whereas authorization is the process of giving an entity permission to do, use, or obtain something once the entity has been authenticated. Thus, logically, authentication precedes authorization.
In the context of portable code configured to execute within a virtual machine environment irrespective of a particular underlying computing platform, application security can be of paramount importance, particularly in that the code is portable and can be found on any arbitrary platform at any time. To wit, at the time of development, it is seldom the case that the developer will know where and when portable code is to be executed.
In view of the security requirements of portable code, security logic has been embedded in the virtual machine itself to provide an interface for authenticating and authorizing access to portable code. By way of example, the Java Authentication and Authorization Service (JAAS) provides a set of application program interfaces that can determine the identity of a user or computer attempting to run functions in Java code and to ensure that the user or computer enjoys the right to execute the functions as requested. The JAAS authorization process extends the security policy of the Java virtual machine to specify or identify the privileges that have been granted to an entity attempting to execute code.
Despite the advances embodied in JAAS, JAAS is not flexible enough to integrate with a loosely coupled, component-based application having an extension point orientation. In this regard, a loose coupling can be achieved in an application framework partially through the mechanism of extensions and extension points. Specifically, when logic in an application is intended to permit plug-ins to extend or customize portions of its functionality, the logic can declare an extension point. The extension point declares a required contract, typically a combination of extensible markup language (XML) markup and Java interfaces, to which an extension must conform. Plug-ins seeking to connect to the extension point must implement the contract in their extension. Yet, the logic being extended need know nothing about the plug-in beyond the scope of the extension point contract. The Eclipse platform represents one such extension point oriented, loosely coupled framework for application development.
In the Eclipse platform, as in other loosely coupled extension point oriented frameworks, plug-ins for extension points provide a fundamental mechanism for extending the functionality of the application. Providing application authentication and authorization through a plug-in, however, inhibits the use of a login configuration class provided, for example, by JAAS, inasmuch as the JAAS configuration class cannot be provisioned from within a plug-in. Yet further, JAAS cannot view plug-in classloaders in the Eclipse environment.
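The class loader visibility limit described above can be reproduced outside Eclipse. The following is an added illustration, not code from the original text: OpenJDK's LoginContext resolves a login module by class name through the thread context class loader, so a module class that this loader cannot see fails to load. The parentless loader stands in for the plug-in situation; the class names, the "demo" entry name and the accept-everyone login are assumptions made for the demonstration, and the configuration is built in code only to keep the example self-contained.

```java
import java.util.Collections;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class JaasLoaderDemo {
    /** Hypothetical module standing in for one packaged inside a plug-in. */
    public static class PluginLoginModule implements LoginModule {
        private Subject subject;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; }
        public boolean login() { return true; } // demo only: accepts everyone, no credential check
        public boolean commit() { return subject.getPrincipals().add(() -> "demo-user"); } // lambda is a Principal
        public boolean abort() { return true; }
        public boolean logout() { subject.getPrincipals().clear(); return true; }
    }

    /** Login configuration built in code so the example needs no external JAAS config file. */
    static final Configuration CONFIG = new Configuration() {
        @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            return new AppConfigurationEntry[] { new AppConfigurationEntry(PluginLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Collections.<String, Object>emptyMap()) };
        }
    };

    /** Attempts a login while the given loader is the thread context class loader. */
    static String tryLogin(ClassLoader contextLoader) {
        Thread thread = Thread.currentThread();
        ClassLoader saved = thread.getContextClassLoader();
        thread.setContextClassLoader(contextLoader);
        try {
            LoginContext lc = new LoginContext("demo", new Subject(), null, CONFIG);
            lc.login();
            return "authenticated, principals=" + lc.getSubject().getPrincipals().size();
        } catch (LoginException e) {
            return "login failed: " + e.getMessage();
        } finally {
            thread.setContextClassLoader(saved); // always restore the caller's loader
        }
    }

    public static void main(String[] args) {
        // Loader with no parent: it cannot see PluginLoginModule, so the module lookup fails.
        System.out.println(tryLogin(new ClassLoader(null) { }));
        // Loader that defined the module: the class name resolves and the login succeeds.
        System.out.println(tryLogin(PluginLoginModule.class.getClassLoader()));
    }
}
```

The first call reports a failed login because the module class cannot be found through the isolated loader; the second succeeds once the context loader is the one that defined the module.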