[jboss-user] [Security & JAAS/JBoss] - JACC and Authorization for a Web Application
jgilmore
do-not-reply at jboss.com
Fri Dec 14 11:28:57 EST 2007
I am trying to use JASS authorization in JBOSS. i.e. grant granular Permissions to Principals within a JASS policy file. I believe the JACC module provides implementation for this however the wiki (http://wiki.jboss.org/wiki/Wiki.jsp?page=JACC) does not sufficiently describe how it is supposed to work.
Can anybody provide a thorough example of how to implement JACC for a web application running on JBoss?
To be a little more clear, the JAAS Policy shown below uses custom Principal and Permission classes from my application. How can I get the JBoss SecurityManager to load this application specific authorization config? Is JACC even the right direction??
| grant Principal com.ftid.custadmin.security.ClientAdminPrincipal "view_customer" {
| com.ftid.custadmin.security.ViewIdPermission "/client/clientView.*";
| };
| grant Principal com.ftid.custadmin.security.ClientAdminPrincipal "view_update_customer" {
| permission com.ftid.custadmin.security.ViewIdPermission "/client/clientEdit.*";
| };
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4113000#4113000
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4113000
More information about the jboss-user
mailing list