• Post Reply Bookmark Topic Watch Topic
  • New Topic

Custom Security like EJB using JAAS

 
Rahul Parsad
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all
I want to implement security model for granting access permissions at object method level.
suppose i have a class

An object of account class is created by manager and passed to report generator for generate report

one solution of this problem is to make an interface with only getBalance() method, and implement this in Account class, and pass Account object to report generator by this reference.
But the problem is that, I don't know in advance that where this object will be passed in future. for each place method access permissions are different for account object. It means i have to create all possible interfaces and implement that..
JBoss solves this problem by generating security code for each method, where it checks user role before calling method of actual EJB Object. EJB server uses request intercepter for this.
Do i have to create request interceptors for all of my classes like..

Is there any thing in JAAS, which is used to declare this kind of method permissions without modifying Account class code.
like
permissions.xml
<class name="Account">
<method-permission name="getBalance">ReportGenerator<method-permission>
</class>
rahul
SCJP2, SCWCD,IBM XML, IBM UML, IBM J2EE, Oracle PL/SQL
[ November 26, 2002: Message edited by: Rahul Parsad ]
[ November 26, 2002: Message edited by: Rahul Parsad ]
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!