Hi all
I want to implement a security model for granting access permissions at the object method level.
Suppose I have a class
An object of the Account class is created by a manager and passed to a report generator to generate a report.
One solution to this problem is to make an interface with only the getBalance() method, implement it in the Account class, and pass the Account object to the report generator by this reference.
But the problem is that I don't know in advance where this object will be passed in the future. For each place, the method access permissions are different for the Account object. It means I have to create all possible interfaces and implement them..
JBoss solves this problem by generating security code for each method, where it checks the user role before calling the method of the actual EJB object. The EJB server uses a request interceptor for this.
Do I have to create request interceptors for all of my classes like..
Is there anything in JAAS which is used to declare this kind of method permission without modifying the Account class code?
like
permissions.xml
<class name="Account">
<method-permission name="getBalance">ReportGenerator</method-permission>
</class>
rahul
SCJP2, SCWCD,IBM XML, IBM UML, IBM J2EE, Oracle PL/SQL
[ November 26, 2002: Message edited by: Rahul Parsad ]
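Added example, not part of the original post: one generic interceptor built on java.lang.reflect.Proxy can check a role-to-method table before every call, so no per-consumer interface or per-class interceptor is needed. It assumes Java 9+ and that Account is reachable through a single interface; withdraw(), the "Manager" role, the PERMISSIONS map and guard() are hypothetical names, and the map stands in for the permissions.xml idea.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Proxy;
import java.util.Map;
import java.util.Set;

public class MethodPermissionDemo {
    // Assumed shape of the account type; only getBalance() appears in the post.
    interface Account { double getBalance(); void withdraw(double amount); }

    static class AccountImpl implements Account {
        private double balance = 100.0;
        public double getBalance() { return balance; }
        public void withdraw(double amount) { balance -= amount; }
    }

    // In-memory stand-in for a permissions file: method name -> roles allowed to call it.
    static final Map<String, Set<String>> PERMISSIONS = Map.of(
        "getBalance", Set.of("ReportGenerator", "Manager"),
        "withdraw", Set.of("Manager"));

    // Wraps any object behind its interface and checks the role before each call.
    @SuppressWarnings("unchecked")
    static <T> T guard(T target, Class<T> iface, String role) {
        InvocationHandler handler = (proxy, method, args) -> {
            Set<String> allowed = PERMISSIONS.get(method.getName());
            if (allowed == null || !allowed.contains(role)) {   // unlisted methods are denied
                throw new SecurityException(role + " may not call " + method.getName());
            }
            try {
                return method.invoke(target, args);
            } catch (InvocationTargetException e) {
                throw e.getCause();   // surface the target's own exception
            }
        };
        return (T) Proxy.newProxyInstance(
            iface.getClassLoader(), new Class<?>[] { iface }, handler);
    }

    public static void main(String[] args) {
        // The creator of the object decides which role the receiver is handed.
        Account forReports = guard(new AccountImpl(), Account.class, "ReportGenerator");
        System.out.println("balance = " + forReports.getBalance());
        try {
            forReports.withdraw(10.0);
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```

Because unlisted methods are denied, calls such as toString() on the proxy are rejected too unless they are added to the table. The check only holds if the receiver is given the proxy and never the underlying AccountImpl reference.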