[jboss-user] [Security & JAAS/JBoss] - update ejb permission/role using jacc

[ematillano]

Hello JBoss Users/Developers,

My use case is that the the ejb3 services that we have developed need to be dynamically updated of its roles.  Our product which consists of ejb3 services need to be managed of role/permission mapping at runtime via some user interface.  We need a security system that can present newly deployed ejb3 services of it's EJBMethodPermission(s), which then, can be used to create roles specific to instances of the application.  I know that JBoss 4.0.5.GA supports the RoleMappingLoginModule that addresses part of this issue but I was hoping I could do this using JACC.  It seems that the way to do this is to provide my own implementation of JACC policy just like the DelegatingPolicy discussed in the wiki.  Before I go ahead with this implementation, I wanted ask the JBoss community this question: what is the best way of achieving this?  It would be nice if I can stay in J2EE 1.4 spec but that's not a must requirement.

I did notice that in the JACC spec that anonymous wrote : "...the provider must also include a management interface for policy administrators to use to grant the collections of permissions that comprise roles, to principals (section 3.2)"Is the default JBoss implementation of JACC policy provider's management interface the ejb deployment descriptors or is there something else like an mbean?  

Note: I also noticed that JBoss 5 beta 2 provides an SPI that can do this kind of stuff.  I wonder what's the degree of effort to extract these services and put them in JBoss 4.0.5.GA.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4072791#4072791

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4072791