Skip to content

Infrastructure for providing secured micro services, that are dynamically discoverable and searchable over ipv6 networks

License

Apache-2.0, Apache-2.0 licenses found

Licenses found

Apache-2.0
LICENSE
Apache-2.0
LICENSE.txt
Notifications You must be signed in to change notification settings

pfirmstone/JGDMS

JGDMS - Java/Jini Global Distributed Micro Services.

Build instructions

From command or shell prompt:

$ mvn -f JGDMS/pom.xml package

For unit tests:

$mvn -f JGDMS/pom.xml test

After successfully testing the above, integration and regression tests can be run by:

$export JSK_HOME= /* path to current directory or set this property in build.properties*/

$ cd qa

$ ant build

$ ant run-all

$ ant jtreg

The regression tests ($ ant run-all) take approximately 24 hours to complete.

The jtreg tests take about half an hour to complete, you'll need to manually install jtreg, refer to http://openjdk.java.net/jtreg/

This software is forked from Apache River trunk, it is designed with internet security in mind and provides:

  • ObjectInput and ObjectOutput implementations for hardening deserialization in the presence of untrusted input.
  • TLSv1.3 Stateless Encrypted endpoints for RPC communication over untrusted networks.
  • IPv6 Multicast Discovery using X500 distinguished names with various integrity checking hash functions provided.
  • Unicast Discovery over a TLSv1.3 connection with an SHA-224, SHA-256, SHA-384 or SHA-512 hash function to validate data sent and received at both ends prior to sending a response.
  • Dynamically granting DownloadPermission and DeSerialization permission to trusted authenticated lookup services during unicast discovery.
  • Lookup Service registrar to search services available from various arbitrary third parties.
  • Lookup method that allows authentication of third parties, using a bootstrap proxy, prior granting DownloadPermission and DeSerialization permission for service utilisation.
  • Invocation and Method constraints.

Old Discussion forum (please use github Discussions):

https://groups.google.com/forum/#!forum/river-secure-ipv6-discovery

Notables:

  • Worlds fastest, highly scalable, Java security policy provider.
  • RFC3986URLClassLoader is much faster than Java's built in URLClassLoader.
  • RFC3986 compliant Uri.
  • Atomic Serialization outperforms standard Java.
  • JERI (Jini Extensible Remote Invocation) outperforms java RMI.
  • Unnecessary DNS calls have been eliminated.
  • Hi performance lookup service method delays or avoids unnecessary codebase downloads.

For secuity reasons, Java 24 and later versions are not supported.

  • Authorization is a foundational component of JGDMS, required to limit privileges between cooperating, trusted but independant parties. Just because you trust to do business with someone, doesn't mean you would allow them to access all your personal information.
  • We do not reccommend you run untrusted code (sandboxing), with JGDMS, you can ensure that users are only granted privileges using the code you intended them to use.
  • If you would like to assist maintaining a fork of Java that includes Authorization, please get in touch.

A footnote on JEP411 and JEP486

In years to come, when Java deployments are sufferring from multiple vulnerabilities, the decision to remove Authorization from Java will be seen with hindsight as one of the biggest blunders made by the OpenJDK team. Java might have avoided a number of vulnerabilities, had Java's trusted computing base remained small, had permission checks been made for enabling data parsing, and the work of Li Gong been properly maintained. I strongly advise against running without a SecurityManager, JGDMS has for many years been run with the SecurityManager enabled. Statments made on the JEP411 page, are simply incorrect. The time will come when this footnote is proven correct.

About

Infrastructure for providing secured micro services, that are dynamically discoverable and searchable over ipv6 networks

Topics

Resources

License

Apache-2.0, Apache-2.0 licenses found

Licenses found

Apache-2.0
LICENSE
Apache-2.0
LICENSE.txt

Code of conduct

Stars

Watchers

Forks

Packages

No packages published