• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

ACL _ implementation

 
Ranch Hand
Posts: 82
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am into a team of developers who are trying to figure out an optimized way of implementing a user level security mechanism. We have thought of number of altenatives, likes of implementing relationship objects, Security objects for each object and then relating them at runtime etc.
Once a while it came to us that we can also use ACL for each object/user. I was wondering if i could get some information on how are these ACL's implemented ? Should i go for a user based one, or a object based one or the other way round.
If anybody can help me regarding the idea or any place where i can find information on this topic.
thanks in advance.
 
"The Hood"
Posts: 8521
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I assume that you are talking about ACL = Access Control List
http://java.sun.com/j2se/1.3/docs/api/java/security/acl/Acl.html http://java.sun.com/javaone/javaone97/java1-97-security.html
This quote makes it look like they are expecting you to use directory and object based security.
from : http://java.sun.com/features/1997/aug/jws1.html


In addition to the Server Sandbox, Access Control Lists are a key feature of server security. ACLs are used for various levels of authentication and authorization in the server and in Java Servlets. There is a server-wide ACL (see sidebar on issues for Unix variations), and separate ACLs can be specified for any file or directory, or for a specific Java Servlet. Because all user information is passed to the Java Servlet as part of the HTTP request in the service routine, Java Servlets can implement additional authorization as a part of the service method. Remote Java Servlets can be signed or unsigned, and each signer has a set of privileges as described by the Java Servlet ACL in the Java ServletMgrRealm.


and not
ACL = Agent communication language http://java.sun.com/aboutJava/communityprocess/jsr/jsr_087_jas.html
 
Raghvendra Sharma
Ranch Hand
Posts: 82
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Cindy,
I have gone through your links and appreciate your help. But i have tried to refine my problem a bit further and has posted it as another new topic at -
<a href="http://www.javaranch.com/ubb/Forum1/HTML/000924.html"> Security System Design </a>
Please be kind enough to look at the link and give it a thought.
regards
raghav..
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic