/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsVIRGINIA, USA: Advanced Modeling Concepts, a technology consulting firm, has released a unique Java security tool--AfterthoughtSoft-Secure, that allows Java developers (or security professionals) to add powerful Role-Based Access Control logic, "after-the-fact" to "existing" Java applications.
"ANY client side Java application can now have sophisticated Role-Based Access Control security woven into it in seconds--even if it is legacy code!" says president and CEO Bart Jenkins.
He added, "The AfterthoughtSoft-Secure tool can weave Java JAAS (Java Authentication and Authorization" logic into any existing Java application--even if it is a third-party application that is no longer supported or for which no source code exists. Through the use of powerful technologies like Reflection and Aspect-Oriented Programming techniques, the AfterthoughtSoft-Secure tool will generate a secure copy of any Java application that exists in jar file format."
AfterthoughtSoft-Secure comes in 3 editions: A free "community" edition, a "pro" edition, and an "enterprise" edition.
The free community edition allows users to secure applications that authenticate against an ASCII file based list that consists of user names, group names and MD5 hashed passwords. The pro edition adds the ability to authenticate to Windows (NT/2000/XP) / UNIX (Solaris / Linux), Relational Database Management Systems (RDBMS) like MS-Access / Oracle / MySql. The Enterprise edition does everything the community and pro edition can do, and adds the ability to authenticate against LDAP and Kerberos V repositories.
How it works?
A technical users points the AfterthoughtSoft-Secure tool at any existing Java application that is contained in a runnable JAR file, identifies which parts of the application need to be protected and who is authorized to execute those parts, chooses the security realm desired (file based, Windows / Unix / JDBC / LDAP or Kerberos), and the tool makes an exact copy of the original Jar file with security woven throughout.
"One of the hardest parts of dealing with JAAS implementations is getting the security policy files done correctly," says Jenkins. "The tool automatically generates all the necessary .java.policy and .java.login.config files for you!"