AppletTalk.com Java discussions newsgroups   Archives   FAQ   Search   Memberlist   Usergroups   Register   Profile   Log in to check your private messages   Log in  Standard extension of JAAS for instance based authorization?          AppletTalk.com Forum Index -> Security and Java View previous topic :: View next topic   Author Message zets Guest Posted: Sun Feb 11, 2007 5:00 pm    Post subject: Standard extension of JAAS for instance based authorization? I'm wondering what is the best to do the following: I would like to extend the standard role based access control check which is done by JAAS (based on the role needed to run the method and the role the user has), with a test that will check if the user is allowed to run the method on the given params. What I have in mind is something like this: for each EJB I will have permission class (possibly most of them will share the same), and an interceptor that would call something like SecurityManager (or AccessController) checkPermission. I'm missing quite a lot of the picture though. Not enough that I'm not sure this is the right thing, I'm also not sure on the details of how to do it. For example, how would I map Permission class to a method in an EJB? Has anyone done this kinda thing? any recommendation on the right way? Thanks. Back to top Guest Posted: Mon Feb 12, 2007 7:07 pm    Post subject: Re: Standard extension of JAAS for instance based authorizat On Feb 11, 6:00 am, "zets" <zohar.etzi...@gmail.com> wrote: Quote: I'm wondering what is the best to do the following: I would like to extend the standardrole basedaccess control check which is done by JAAS (based on the role needed to run the method and the role the user has), with a test that will check if the user is allowed to run the method on the given params. What I have in mind is something like this: for each EJB I will have permission class (possibly most of them will share the same), and an interceptor that would call something like SecurityManager (or AccessController) checkPermission. I'm missing quite a lot of the picture though. Not enough that I'm not sure this is the right thing, I'm also not sure on the details of how to do it. For example, how would I map Permission class to a method in an EJB? Has anyone done this kinda thing? any recommendation on the right way? Thanks. Take a look at JACC which solves the exact problem you are talking about :) http://java.sun.com/j2ee/javaacc/index.html Back to top zets Guest Posted: Mon Feb 12, 2007 7:59 pm    Post subject: Re: Standard extension of JAAS for instance based authorizat On Feb 12, 3:07 pm, sh3khar....@gmail.com wrote: Quote: On Feb 11, 6:00 am, "zets" <zohar.etzi...@gmail.com> wrote: I'm wondering what is the best to do the following: I would like to extend the standardrole basedaccess control check which is done by JAAS (based on the role needed to run the method and the role the user has), with a test that will check if the user is allowed to run the method on the given params. What I have in mind is something like this: for each EJB I will have permission class (possibly most of them will share the same), and an interceptor that would call something like SecurityManager (or AccessController) checkPermission. I'm missing quite a lot of the picture though. Not enough that I'm not sure this is the right thing, I'm also not sure on the details of how to do it. For example, how would I map Permission class to a method in an EJB? Has anyone done this kinda thing? any recommendation on the right way? Thanks. Take a look at JACC which solves the exact problem you are talking about :) http://java.sun.com/j2ee/javaacc/index.html Thanks, can you please reference an example on how to do it with JACC? I couldn't find any, or a tutorial. All I could find is the JSR specification. Back to top Display posts from previous: All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year Oldest FirstNewest First         AppletTalk.com Forum Index -> Security and Java All times are GMT Page 1 of 1   Jump to: Select a forum Java Newsgroups----------------Java DiscussionsWeb-based java games comp.lang.java 3D Graphics API's for Java Java: Support and criticism Java System Announcements comp.lang.java.api JavaBeans Java and CORBA Java and Databases comp.lang.java.developer Java GUI Toolkits Java Help comp.lang.java.javascript JVM, native methods and hardware comp.lang.java.misc Java Language Programming Security and Java comp.lang.java.setup Java Software Tools comp.lang.java.tech ibm.software.java.linux  Non-English Java Newsgroups----------------Java Language (German)Language Java (Français)Java (Italian)  You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum Powered by phpBB © 2001, 2006 phpBB Group SEO toolkit © 2004-2006 webmedic.