
Java Forum / Security / February 2004


How do I design this within java.security? It should be simple I hope.

Sam - 11 Feb 2004 15:43 GMT
I have an idea for a simple security architecture and would like to
implement it within the java.security package but I am very confused
by the framework.

What I want to do is assign a user to a role (or multiple roles). A
role would consist of a list of Capabilities (are these Permissions?)
a user may have.  For example, imagine I have one Capability
(Permission) in my system called People.  The role of User may have
level 1 which is read-only.  The role of Administrator may have level
2 which is read/write/add.  The role of SuperUser may have level 3
(read/write/add/delete).  In reality, there would be many Capabilities
(Permissions), each with a value of 0 (can't see) to 3
(read/write/add/delete). These capabilities are used throughout my JSP
pages to give the correct access to certain things (Should I show the
delete button for example).  I create Roles with the correct levels of
capabilities (permissions).  I assign a user to one or more Roles.
All this information is stored in my database in various tables.

Is what I am calling a capability a Permission?

Can I use the concept of levels (integers) for a single Permission?

Hope this makes sense and thanks in advance.

Sam
JK - 11 Feb 2004 17:03 GMT
> I have an idea for a simple security architecture and would like to
> implement it within the java.security package but I am very confused
> by the framework.

that's normal. ;-)

> What I want to do is assign a user to a role (or multiple roles). A
> role would consist of a list of Capabilities (are these Permissions?)
[quoted text clipped - 11 lines]
>
> Is what I am calling a capability a Permission?

it can be implemented as such.

> Can I use the concept of levels (integers) for a single Permission?

each permission class has a set of names (values), which are strings.
you don't need integers but can use the implies() method. so in your
case delete implies add, etc.

role based access can be implemented using the classes in the
java.security.acl package. define a role as a group that holds people
(principals) who currently play that role. unfortunately, the
acl-package only contains interfaces, so you will have to implement
everything yourself. maybe you write your own easier api for your purpose.

JK
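
The implies()-based approach described in the reply above, as an added example that is not part of the original thread: a custom java.security.Permission subclass in which a higher level implies the lower ones, with each role held as a java.security.Permissions collection. The class name CapabilityPermission, the action names, and their mapping to the levels 1 to 3 from the question are assumptions made for illustration.

```java
import java.security.Permission;
import java.security.Permissions;
import java.util.Arrays;
import java.util.List;

// Added example; CapabilityPermission and the action names are hypothetical.
public final class CapabilityPermission extends Permission {
    private final String action;
    private final int level;

    public CapabilityPermission(String capability, String action) {
        super(capability);          // the capability is the permission name, e.g. "People"
        this.level = rank(action);  // unknown actions are rejected, never silently granted
        this.action = action;
    }

    // Assumed mapping to the question's levels: 1 = read, 2 = write/add, 3 = delete.
    private static int rank(String action) {
        switch (action) {
            case "read":   return 1;
            case "write":
            case "add":    return 2;
            case "delete": return 3;
            default: throw new IllegalArgumentException("unknown action: " + action);
        }
    }

    // Same capability, and the held level covers the requested one.
    @Override public boolean implies(Permission p) {
        if (!(p instanceof CapabilityPermission)) return false;
        CapabilityPermission other = (CapabilityPermission) p;
        return getName().equals(other.getName()) && level >= other.level;
    }
    @Override public boolean equals(Object o) {
        return o instanceof CapabilityPermission
            && getName().equals(((CapabilityPermission) o).getName())
            && action.equals(((CapabilityPermission) o).action);
    }
    @Override public int hashCode() { return 31 * getName().hashCode() + action.hashCode(); }
    @Override public String getActions() { return action; }

    // A user may hold several roles; the request passes if any one role implies it.
    public static boolean allowed(List<Permissions> roles, Permission required) {
        for (Permissions role : roles) {
            if (role.implies(required)) return true;
        }
        return false;
    }
}
```

A role is built with `new Permissions()` plus `add(new CapabilityPermission("People", "add"))`, and a user's roles are passed to `allowed(Arrays.asList(userRole, adminRole), new CapabilityPermission("People", "delete"))`. The same check has to run in the server-side code that performs the delete, since hiding the button in a JSP only changes what is displayed.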
Robert Paris - 12 Feb 2004 18:44 GMT
Just use JAAS. It's included in Java 1.4 and is an optional package for 1.3.

