Table of Contents
This example shows the following features:
Signing an agent with different private key
Preventing an agent from reading a file
Preventing an untrusted agent from entering your habitat
Note: Be sure to remove the remote hosts you added in the previous scenario from the file places2go.txt
Look at the "dna" targets in the build.xml file. The targets chat2 and chat2-dev3 use the same JAR file to build the agent DNA, but use different keystores to sign it.
The link to the build.xml file may not work with all browsers.
<target name="chat2" depends="init, chat2.jar">
<dna dna="${agents.dnadir}/chat2.dna"
agentdescriptor="${relative.descriptors}/chat2.descriptor.xml"
keystore="${config.dir}/keystore1.dat"
alias="developer1"
storepass="developer1">
<jarfileset dir="${relative.jarfiles}">
<include name="chat2.jar"/>
</jarfileset>
</dna>
</target>
<target name="chat2-dev3" depends="init, chat2.jar">
<dna dna="${agents.dnadir}/chat2-dev3.dna"
agentdescriptor="${relative.descriptors}/chat2.descriptor.xml"
keystore="${config.dir}/keystore3.dat"
alias="developer3"
storepass="developer3">
<jarfileset dir="${relative.jarfiles}">
<include name="chat2.jar"/>
</jarfileset>
</dna>
</target>
To build the agents, type in the scenarios directory :
build chat2
build chat2-dev3
To run the example, type:
habitat chat2security.xml
When you run the example, you will see the following error message:
++source: tryllian.scenarios.chat2.ChatterAgent2(@Mark), prio: error
Error while trying to read places2go.txt:
java.security.AccessControlException: access denied (java.io.FilePermission places2go.txt read)
This error occurs because the agent Mark is signed by "developer3" and is not allowed to read a file.
The file config/roles.prop maps aliases (certificates) to roles. Roles describe what the code signed by a certain certificate can or cannot do. Look in the roles.prop file. At the end, you will see the following:
// Agents made by group_a get All
// These are agents signed by developer1 and developer2
developer.role.group_a=All
// Agents made by group_b
// These are agents signed by developer3 and developer4
developer.role.group_b=Basic
These roles are assigned to group_a and group_b, and not to individual developers. If desired, you can also assign roles to specific developers.
The scenarios contain four keystores. Keystore 1 and 2 are signed by group_a, keystore 3 and 4 are signed by group_b. You can see that group_a has "All" as role. This allows agents to do anything - there are no security restrictions. Generally, this role is only assigned to your own agents or to ones signed by a known system administrator.
Group_b is assigned the "Basic" role. This role is assigned to uncertain agents. For instance, the Basic role does not allow an agent to read a file. (See the directory roles for exact descriptions of each permission by Role).
Now, replace the Basic role for group_b with the "Nothing" role. This is the most restrictive set of permissions. Agents with this role are not even allowed to enter the habitat! Start the habitat and watch the agent signed by developer3.
Agents can have different roles in different habitats. For example, agents signed by group_a may be refused entry habitats into other hosts.
Be sure to undo the changes made in the config\roles.prop file after you are finished with this scenario, since this will interfere with the functioning of other scenarios.