lunes, 12 de agosto de 2013

Seguridad informática en Java

Recorrido por temas en materia de seguridad informática en Java:

http://www.oracle.com/technetwork/java/javase/tech/index-jsp-136007.html
http://en.wikipedia.org/wiki/Java_security
http://en.wikipedia.org/wiki/Mockito
http://code.google.com/p/mockito/
http://docs.oracle.com/javase/1.5.0/docs/api/java/security/package-summary.html#package_description
http://docs.oracle.com/javase/1.5.0/docs/api/java/lang/reflect/Proxy.html
http://docs.oracle.com/javaee/6/tutorial/doc/bnbwj.html


http://docs.oracle.com/javase/6/docs/technotes/guides/security/overview/jsoverview.html
http://static.springsource.org/spring-security/site/features.html
http://en.wikipedia.org/wiki/Spring_Security
http://blog.javabenchmark.org/2013/05/java-instrumentation-tutorial.html

La forma "de libro" para manipular una clase (con javassist) empieza así:

ClassPool cp = ClassPool.getDefault();
CtClass cc = cp.get("org.javabenchmark.instrumentation.Sleeping");

Una alternativa, si el ClassPool no tiene acceso a la clase org.javabenchmark.instrumentation.Sleeping (por ejemplo, se cargó con un ClassLoader diferente):

ClassPool cp = ClassPool.getDefault();
cp.makeClass(new ByteArrayInputStream(classfileBuffer));
CtClass cc = cp.get(className.replaceAll("/", "."));

Java 5 API doc:
 Parameters
[...]
className - the name of the class in the internal form of fully qualified class and interface names as defined in The Java Virtual Machine Specification. For example, "java/util/List".
[...]
classfileBuffer - the input byte buffer in class file format - must not be modified