How can I authorize processes using digital signing?

Submitted by lagreaves on Thu, 10/02/2014 - 19:24

Hi,

I would like to know if there´s a way for authorizing processes using digital signature (i.e. using self signed certificates (.pfx files)).

Thankyou in advance

Regards.

Luis

Log in or register to post comments
2507 reads

1 answer

Submitted by Sean McP on Fri, 10/03/2014 - 05:36

Interesting idea and definitely worth pursuing in the ideas section/on atlasian.

As far as I'm aware it is not possible today to auth processes themselves, but it might (note I say might) be possible to do this on the java connectors which can then be applied to processes...

My thinking is as follows but NOT tested...

Apply certificate to Tomcat
Export Java Connector (abc) to abc.zip
Unzip the file and open classpath
digitally sign the abc.jar
Zip the whole directory giving you a new abc.zip
Import into the certified Tomcat

Apply the new signed connector to the process pool - as the very first on enter connector. This would stop the process if not authorized at the first point of call and before anything else happens.

Not perfect but as an idea it may be possible and I might look to try this later. If you get to try it before I do your feedback would be invaluable.

regards Seán

Log in or register to post comments
371 reads

Comments

Submitted by lagreaves on Fri, 10/03/2014 - 15:37

Seán,

Thankyou, im going to try your idea by the weekend. I'll let you know how's it going.

Regards

Luis

Permalink

Submitted by Sean McP on Sat, 10/04/2014 - 09:02

Hi Luis,

I came across this article and company re Java security during the weekend...

If you need it that is...

Disclosure: I don't deal with either of these companies and have no interest in advertising them. This is for information specific to Java security only.

regards Seán

PS: maybe Bonita could have a look at this also and provide fully integrated secured versions of Bonita?

Deutche Bank in Java Security deal http://www.waratek.com/

Permalink