I am on a team of developers who are trying to figure out an optimized way of implementing a user-level security mechanism. We have thought of a number of alternatives, the likes of implementing relationship objects, Security objects for each object and then relating them at runtime, etc. Once in a while it came to us that we can also use an ACL for each object/user. I was wondering if I could get some information on how these ACLs are implemented? Should I go for a user-based one, or an object-based one, or the other way round? If anybody can help me regarding the idea or any place where I can find information on this topic. Thanks in advance.
In addition to the Server Sandbox, Access Control Lists are a key feature of server security. ACLs are used for various levels of authentication and authorization in the server and in Java Servlets. There is a server-wide ACL (see sidebar on issues for Unix variations), and separate ACLs can be specified for any file or directory, or for a specific Java Servlet. Because all user information is passed to the Java Servlet as part of the HTTP request in the service routine, Java Servlets can implement additional authorization as a part of the service method. Remote Java Servlets can be signed or unsigned, and each signer has a set of privileges as described by the Java Servlet ACL in the Java ServletMgrRealm.
"JavaRanch, where the deer and the Certified play" - David O'Meara
posted 18 years ago
Thanks Cindy, I have gone through your links and appreciate your help. But I have tried to refine my problem a bit further and have posted it as another new topic at Security System Design (http://www.javaranch.com/ubb/Forum1/HTML/000924.html). Please be kind enough to look at the link and give it a thought. Regards, raghav
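Added example, not part of the original thread or of any server's own code: the arrangement described in the documentation excerpt above (a server-wide ACL, with separate ACLs for individual files or directories) written as an object-based ACL lookup. Class, method and principal names are hypothetical, and the rule that the nearest ACL on the path decides is an assumption.

```java
import java.util.*;

// Added illustration: object-based ACLs with a server-wide fallback.
// All names here are hypothetical; sample principals and paths are constructed.
public class AclDemo {
    enum Permission { READ, WRITE, EXECUTE }

    // One ACL: principal name -> set of permissions granted to it.
    static final class Acl {
        private final Map<String, EnumSet<Permission>> entries = new HashMap<>();

        Acl grant(String principal, Permission... perms) {
            entries.computeIfAbsent(principal, k -> EnumSet.noneOf(Permission.class))
                   .addAll(Arrays.asList(perms));
            return this;
        }

        boolean allows(String principal, Permission p) {
            EnumSet<Permission> granted = entries.get(principal);
            return granted != null && granted.contains(p); // no entry means deny
        }
    }

    private final Acl serverWide;
    private final Map<String, Acl> perResource = new HashMap<>();

    AclDemo(Acl serverWide) { this.serverWide = serverWide; }

    void setAcl(String path, Acl acl) { perResource.put(path, acl); }

    // Assumed policy: the nearest ACL found walking up from the resource decides;
    // the server-wide ACL applies only when no file or directory ACL is set.
    boolean isAllowed(String principal, String path, Permission p) {
        for (String cur = path; !cur.isEmpty(); cur = parent(cur)) {
            Acl acl = perResource.get(cur);
            if (acl != null) return acl.allows(principal, p);
        }
        return serverWide.allows(principal, p);
    }

    private static String parent(String path) {
        int i = path.lastIndexOf('/');
        return i <= 0 ? "" : path.substring(0, i);
    }

    public static void main(String[] args) {
        AclDemo server = new AclDemo(new Acl().grant("admin", Permission.READ, Permission.WRITE));
        server.setAcl("/docs", new Acl().grant("alice", Permission.READ));
        server.setAcl("/docs/payroll.html", new Acl().grant("bob", Permission.READ));
        System.out.println(server.isAllowed("alice", "/docs/index.html", Permission.READ));
        System.out.println(server.isAllowed("alice", "/docs/payroll.html", Permission.READ));
        System.out.println(server.isAllowed("admin", "/logs/access.log", Permission.WRITE));
    }
}
```

A user-based design would invert the map (principal to the resources it may touch), which makes "what can this user access" cheap but "who can access this file" expensive.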