Maximilian Trenks
Ranch Hand
Posts: 104
hello,
I can't figure out how to make use of the security that comes with every J2EE server, let's say for example WebSphere. You can define role-based permissions quite fine-grained on method level, but does this really solve the problems in real-world applications?
Let's say we have to make an e-procurement application. How can I restrict people from buying products which cost over 500€, but at the same time allow managers to buy products over 500€?
    private static final double someValue = 500;

    if (total > someValue) {
        buyProductBiggerThenSomeValue();
    } else {
        buyProduct();
    }
Now based on these 2 methods I could define roles; it would work and we would have the problem resolved.
But isn't that a bit too much effort for using container-managed security? Using JAAS security wouldn't be much more code, given that you actually have to double the code of the method buyProduct().
Please comment on this.
Cheers,
max
 
Nitzan Levi
Greenhorn
Posts: 22
hi,
You don't have to use the role only at the method level; you can also use the role inside your code. So you need to define the right roles that fit your business requirements and then check inside your business code whether the current user has the right role to perform the specific action (isCallerInRole). I agree that it's tying your application code to the defined roles, but I don't know another way to do it.
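
The combination discussed in this thread, as an added example that is not part of either post: one buyProduct() method guarded declaratively by role, with the 500€ rule enforced programmatically through isCallerInRole. It assumes a Java EE 5 or later container (annotations instead of deployment-descriptor entries); the role names "employee" and "manager", the class name ProcurementBean and the helper placeOrder() are hypothetical.

```java
import java.math.BigDecimal;
import java.util.logging.Logger;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

// Added example: role, class and helper names are assumptions, not from the thread.
@Stateless
@DeclareRoles({"employee", "manager"}) // roles used with isCallerInRole must be declared
public class ProcurementBean {

    private static final Logger LOG = Logger.getLogger(ProcurementBean.class.getName());

    // Business rule from the thread: orders above 500 EUR require a manager.
    // BigDecimal avoids the rounding problems of double for money.
    private static final BigDecimal MANAGER_LIMIT = new BigDecimal("500.00");

    @Resource
    private SessionContext ctx; // injected by the container

    // Declarative check: the container rejects callers that hold neither role
    // before the method body runs.
    @RolesAllowed({"employee", "manager"})
    public void buyProduct(String productId, BigDecimal total) {
        // The total should be computed on the server from the order lines;
        // a client-supplied amount would let the caller choose which rule applies.
        if (total == null || total.signum() <= 0) {
            throw new IllegalArgumentException("total must be positive");
        }
        // Programmatic check: a data-dependent rule that method-level roles
        // cannot express without duplicating the method.
        if (total.compareTo(MANAGER_LIMIT) > 0 && !ctx.isCallerInRole("manager")) {
            String caller = ctx.getCallerPrincipal().getName();
            LOG.warning("Denied order of " + total + " EUR by " + caller);
            throw new EJBAccessException("Orders above " + MANAGER_LIMIT
                    + " EUR require the manager role");
        }
        placeOrder(productId, total);
    }

    // Hypothetical helper standing in for the real ordering logic.
    private void placeOrder(String productId, BigDecimal total) {
        LOG.info("Order placed: " + productId + " for " + total + " EUR");
    }
}
```

The denial is logged with the caller's principal name so that rejected over-limit orders can be reviewed later.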
 