[jboss-user] [Security & JAAS/JBoss] - JAAS Extension / disabling JAAS - HELP NEEDED!!!
zetzioni
do-not-reply at jboss.com
Sun Mar 4 10:08:35 EST 2007
Hi,
What I would like to be able to do is this:
1. Not use JAAS for authorization, only authentication
2. Instead what I would like to do is write my EJB3 interceptor for authorization
3. This interceptor would create an MyEJBMethodPermission, and would call the Security Manager with it.
4. What would the MyEJBMethodPermission do in its implies()? it would extract from the method parameter some information, from there and additional user information would infer what is the relevant user's role, and compare this role with the role that is needed for the method to execute.
My questions are these:
1. Can I extend EJBMethodPermission, and still use JAAS for authorization somehow?
2. If not, can I disable JAAS authorization and do as I described above?
3. Any other recommended way of getting this effect?
Thanks.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4024908#4024908
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4024908
More information about the jboss-user
mailing list