Java Enterprise Multilevel Access“JEEMA”

Web PortalIn partial fulfillment of the requirements

for a Masters of Science Computer Science

Presented by

Patrick D. Cookfor

Dr. Edward Chow Dr. Charlie ShubDr. Jugal Kalita

Patrick Cook JEEMA 2

Outline• Project goals• Background• JEEMA• Performance• Reliability• Lessons Learned• Conclusion• Demo

Patrick Cook JEEMA 3

Project Goals• Can a single sign-on realize multilevel security?• Investigate Portlet Technology, in particular Java

Specification Request (JSR)168, to determine if it would facilitate sharing data, at different security levels

• Avert the information flow problem, i.e. use a single sign on to access to multiple levels of classified resources, without compromising the multilevel security policy.

Background

Related work, Rationale, Design decisions

Patrick Cook JEEMA 5

Related Work

• Portals, Portlets and IPC– Michelle Osborne (2006)– Rebecca Twigg (2006)

• Single Sign-on – Yale University– UCCS

Patrick Cook JEEMA 6

Rationale and Relevance

• The events on September 11, 2001 which spawned the 9/11 commissions report

• Hurricane Katrina and Rita in 2005• Personal experiences

– Military United States Army Battle Staff– Lockheed Martin Integrated Systems and Solutions– Raytheon Intelligence and Information Systems

Patrick Cook JEEMA 7

J2EE vs. .NET

• When it comes to building distributed web applications which can interoperate seamlessly between components in platform-neutral way there are two leading technologies competing for your vote, J2EE and .NET (pronounce “dot NET”).

Patrick Cook JEEMA 8

.NET

• .NET is a Microsoft centric approach that runs on Windows platforms but does not fully comply with other operating systems.

• .NET is still in its infancy with respect to Java and has not reached its “tipping” point with many vendors.

Patrick Cook JEEMA 9

J2EE

• J2EE is a platform-independent solution that uses the Java programming language and provides support for major operating systems

• J2EE is widely supported amongst major vendors

• W.O.R.M– Write once run many times

Patrick Cook JEEMA 10

J2EE Application Servers

• BEA WebLogic

• IBM Websphere

• SunOne Portal Server

• JBOSS

Patrick Cook JEEMA 11

Java Portals

• A Java portal is a J2EE conformant technology which aggregates resources from disparate systems into a common operating environment over the web. It generally allows individualized customization, facilitates single sign-on authentication and is designed to run on multiple platforms [JSR168].

Patrick Cook JEEMA 12

Portlets

• Portlets are web components that generate dynamic content in an autonomous fashion. The autonomy is generated by markup fragments such as HTML, XHTML, or XML, but the aggregation of the fragments are managed by a portlet container.

Patrick Cook JEEMA 13

Portlet Container

• In general, a container is software that provides “out of the box” services which developers can leverage for initialization, creation, and deletion, as well as, resource and dependency management [JBOSSP].

Patrick Cook JEEMA 14

JSR 168

• Java Specification Request 168, originally released in October 2003, provides the blueprint for developing portal components.

• Portlet Application Program Interface (API)– Portlet – PortletConfig – GenericPortlet

JEEMA

Java Enterprise Edition Multilevel Access

Web Portal

Patrick Cook JEEMA 16

What is JEEMA?• JEEMA, Java Enterprise Edition Multilevel

Access, is an acronym for a Java 2 Enterprise Edition (J2EE) compliant web portal that champions portlet technology to facilitate single sign-on authentication to access resources with multiple security levels

• JEEMA is based on the Java 2 Platform, Standard Edition, which adheres to the Java programming language and libraries

Patrick Cook JEEMA 17

Patrick Cook JEEMA 18

JEEMA implementation of SSO

• WebLogic Portal Administration– http://128.198.61.179:7001/portalAppAdmin/

Patrick Cook JEEMA 19

JEEMA implementation of IPC

• Java Messaging Service API’s

• Uses the “listenTo” attribute in establishing interportlet communications.

• Whenever a portlet is added to a portal, it creates an “instance” this instance has an instance label which other portlets listen to

Patrick Cook JEEMA 20

Client Request

Patrick Cook JEEMA 21

JSP

<body>

<netui:form action="getMessage">

<netui:textBox dataSource="text"/>

<netui:button>Submit</netui:button>

</netui:form>

</body>

Patrick Cook JEEMA 22

TopSecretController.jpf /** * @jpf:action * @jpf:forward name="simpleForm“ path="topSecret.jsp" */ protected Forward getMessage( Form form ) {

String message = form.getText(); try

{ publisher.writeMessage(message); } catch(Exception e) { e.printStackTrace(); }

return new Forward( "simpleForm" ); }

Patrick Cook JEEMA 23

JMS

private InitialContext jndi = null;

private String TOPIC = "jmsTopic";

private String JNDI_CONNECTION_FACTORY = "weblogic.jndi.WLInitialContextFactory";

private String JMS_CONNECTION_FACTORY = "weblogic.jms.ConnectionFactory ";

private String APPLICATION_PROVIDER_URL = "t3://localhost:7001";

Perfomance

System Specifications, Testbed Specifications, Results

Patrick Cook JEEMA 25

System Specifications

• Microsoft Windows XP – Professional Version 2002– Service Pack 2

• Internet Explorer 6.0.2900.2180.xpsp.050622-1524

• BEA WebLogic Workshop– Version 8.1.5 – Build 2005.0921.20042

Patrick Cook JEEMA 26

JEEMA Test bed Specifications

• Dell Optiplex GX620 – Intel (R)– Pentium (R) – CPU 3.20GHz, 3.19 GHz,– 3.50 GB of RAM– Physical Address Extension

Patrick Cook JEEMA 27

Performance

• The portlets contained same content but was double for each iterations (i.e. 4 portlets, 8 portlets, 16 portlets…, 64 portlets).

IPC Performance

R2 = 0.9905

y = -0.0691x2 + 21.537x - 27.569

0

200

400

600

800

1000

1200

0 10 20 30 40 50 60 70

number of portlets

time

(mill

isec

onds

)

Patrick Cook JEEMA 28

JEEMA Reliability

• The reliability of the system, R (m), is measured in terms of its ability to deliver reliable messages to its recipients as portlets increase within a web portal.

• This can be defined mathematically as R(m) = p/ m, where p is equal to the number of reliable messages and m is the total number of messages.

Patrick Cook JEEMA 29

Lessons Learned

• The challenges related to remote development (“The virtual team”)

• Black Box Coding

• Implementing JMS on SunOne and JBoss– JNDI– “Asynchronous” Communication

Patrick Cook JEEMA 30

Future Work

• Integration with WSRP 2.0

• Use XACML Decision Points

• Asynchronous Java and XML (AJAX) methodologies

Patrick Cook JEEMA 31

Conclusion

• A single sign – on can realize multilevel security

• The technology is not mature enough in its current form for an enterprise solution that used for National Security

• It does provides a stepping stone toward upward mobility in MLS solutions

Patrick Cook JEEMA 32

Questions

Patrick Cook JEEMA 33

Backup

• Control Tree

• JMS Configuration