Standard extension of JAAS for instance based authorization?

Thread view:

zets - 11 Feb 2007 11:00 GMT

I'm wondering what is the best to do the following:

I would like to extend the standard role based access control check
which is done by JAAS (based on the role needed to run the method and
the role the user has), with a test that will check if the user is
allowed to run the method on the given params.

What I have in mind is something like this: for each EJB I will have
permission class (possibly most of them will share the same), and an
interceptor that would call something like SecurityManager (or
AccessController) checkPermission. I'm missing quite a lot of the
picture though. Not enough that I'm not sure this is the right thing,
I'm also not sure on the details of how to do it. For example, how
would I map Permission class to a method in an EJB?

Has anyone done this kinda thing? any recommendation on the right way?

Thanks.

Reply to this Message

sh3khar.jha@gmail.com - 12 Feb 2007 13:07 GMT

> I'm wondering what is the best to do the following:
>
[quoted text clipped - 14 lines]
>
> Thanks.

Take a look at JACC which solves the exact problem you are talking
about :)

http://java.sun.com/j2ee/javaacc/index.html

Reply to this Message

zets - 12 Feb 2007 13:59 GMT

On Feb 12, 3:07 pm, sh3khar....@gmail.com wrote:

> > I'm wondering what is the best to do the following:
>
[quoted text clipped - 19 lines]
>
> http://java.sun.com/j2ee/javaacc/index.html

Thanks, can you please reference an example on how to do it with JACC?
I couldn't find any, or a tutorial. All I could find is the JSR
specification.

Reply to this Message

Standard extension of JAAS for instance based authorization?

Free Magazines