Hi,
I guess you are looking for a solution that provides seamless access to components with the right level of security, and want to avoid anything that will be a frequent support problem.
Don't know anything about J2EE 1.4 App Servers, but I'm surmising that the responsibility lies with the component deployer, so there should be a J2EE equivalent (within the JACC?) to set permissions at runtime.
Good question. I hadn't thought of this issue. Could be contentious. The following may help.
Looks as though it's up to your policy provider.
The J2EE Servlet and EJB containers serve as an authorization boundary between callers and container-hosted components. When a container receives a request for a component, it determines if the caller has been granted permission to perform the request on the component. Both the Servlet and EJB APIs also provide an interface for a component to ask its container if its caller has been granted the permissions that correspond to an identified role.
The J2SE security architecture provides a fine-grained access control mechanism based on a policy-driven permission model.
For the J2SE reference implementation, the policy is represented external to the Java runtime using a simple syntax that grants permissions to authenticated entities. Authenticated entities are modeled by the java.security.CodeSource class and classes that implement the java.security.Principal interface.
The java.security.Policy class defines methods that are implemented by a policy provider. It is the role of the policy provider to map the external security policy to the collections of permissions granted to authenticated entities.
Any help?
I have some webServices acting as a facade to a J2EE application.
May also depend on who is calling who? A J2EE application can call a Web Service component (who'll presumably be the policy provider in this case).
In your example the policy provider may be centred around the J2EE application.
Yes, but HOW, I hear you ask. Sorry, don't know.
regards
[ May 28, 2003: Message edited by: HS Thomas ]
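An added example, not part of the original post or of any J2EE server: a minimal policy provider in the sense quoted above, mapping role principals to permission collections and answering a container-style check with default deny. The `Role` and `ComponentPermission` types, the role names and the permission targets are all hypothetical and constructed for illustration.

```java
import java.security.BasicPermission;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.util.HashMap;
import java.util.Map;

public class RolePolicyDemo {
    // Hypothetical principal: a role name attached to an authenticated caller.
    record Role(String name) implements Principal {
        public String getName() { return name; }
    }

    // Hypothetical permission; BasicPermission supplies "orders.*" wildcards.
    static final class ComponentPermission extends BasicPermission {
        ComponentPermission(String target) { super(target); }
    }

    // The provider: holds the external policy as role -> permissions and
    // answers "do any of this caller's principals imply permission p?".
    static final class RolePolicy extends Policy {
        private final Map<String, Permissions> grants = new HashMap<>();

        void grant(String role, Permission p) {
            grants.computeIfAbsent(role, r -> new Permissions()).add(p);
        }

        @Override
        public boolean implies(ProtectionDomain domain, Permission p) {
            for (Principal who : domain.getPrincipals()) {
                Permissions granted = grants.get(who.getName());
                if (granted != null && granted.implies(p)) return true;
            }
            return false; // default deny: no matching grant, no access
        }
    }

    // Stand-in for the container's check before dispatching to a component.
    static boolean allowed(Policy policy, Permission p, Principal... caller) {
        return policy.implies(new ProtectionDomain(null, null, null, caller), p);
    }

    public static void main(String[] args) {
        RolePolicy policy = new RolePolicy();
        policy.grant("clerk", new ComponentPermission("orders.read"));
        policy.grant("manager", new ComponentPermission("orders.*"));
        Permission cancel = new ComponentPermission("orders.cancel");
        System.out.println(allowed(policy, cancel, new Role("clerk")));
        System.out.println(allowed(policy, cancel, new Role("manager")));
        System.out.println(allowed(policy, cancel)); // caller with no principals
    }
}
```

The example needs Java 16 or later for the record syntax; `java.security.Policy` is deprecated in recent JDKs, so the compiler prints a deprecation warning.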