[jboss-user] [Security & JAAS/JBoss] - standard extension of JAAS for instance based authorization?

Sunday, 11 February 2007

I'm wondering what is the best to do the following:

I would like to extend the standard role based access control check which is done by JAAS
(based on the role needed to run the method and the role the user has), with a test that
will check if the user is allowed to run the method on the given params. 

What I have in mind is something like this: for each EJB I will have permission class
(possibly most of them will share the same), and an interceptor that would call something
like SecurityManager (or AccessController) checkPermission. I'm missing quite a lot of
the picture though. Not enough that I'm not sure this is the right thing, I'm also
not sure on the details of how to do it. For example, how would I map Permission class to
a method in an EJB? 

Has anyone done this kinda thing? any recommendation on the right way? 

Thanks.

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4014446#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-user] [Security & JAAS/JBoss] - standard extension of JAAS for instance based authorization?