Differences between authorisation in JAAS and EJB security

Ranch Hand
Posts: 300
Hi,
Both EJB and JAAS offer mechanisms where you can stop some users doing certain things.
In EJB, you can annotate business methods, and in JAAS you can configure a Principal's privileges in policy files.

I am trying to get into my head the differences between authorisation in JAAS and authorisation in EJB.

How about this:

1. In JAAS, anything that requires privileges is put into a class which implements java.security.PrivilegedAction. This means that some code that isn't even an EJB can have some of its privileges restricted.

2. In JAAS the range of privileges is defined by the security model. They consist of things like file access, reading certain system properties etc. The EJB security access doesn't have any configuration for things like file access or reading system properties. You'd have to put the parts of your code that did this into methods and then annotate those methods.

3. In EJB the authorisation consists only of whether it is permissible for a user to execute a certain method or not. JAAS doesn't provide this out of the box. I think you could check the principal at runtime and then write some if / else logic, but it doesn't come out of the box.

Correct me if I am wrong on any of the above and feel free to add any key conceptual difference between the two I have missed.

Thanks!
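To make point 3 concrete, here is an added example (not code from the original post) of the EJB side: a stateless session bean whose method access is decided declaratively by the container from @RolesAllowed / @PermitAll / @DenyAll, plus one method that adds the "if / else at runtime" refinement through SessionContext.isCallerInRole. The bean name AccountService, the roles "admin" and "teller", and the VIP- account prefix are all constructed for this illustration; the javax.* package names match the Java EE versions in use around the time of the thread.

```java
// AccountService.java: constructed illustration, not from the original thread.
// Deploys only inside a Java EE / Jakarta EE (javax.* era) container.
import java.util.HashMap;
import java.util.Map;

import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
@DeclareRoles({"admin", "teller"}) // roles this bean refers to; the container maps them to real groups
public class AccountService {

    @Resource
    private SessionContext ctx; // gives access to the caller's identity and roles

    // Constructed sample data so the bean does something observable.
    private final Map<String, Long> balances = new HashMap<String, Long>() {{
        put("ACC-1", 1_500L);
        put("VIP-7", 2_000_000L);
    }};

    // Declarative check: the container refuses callers outside "admin" with EJBAccessException
    // before this body ever runs. Nothing here is about files or system properties; the
    // unit of protection is the business method.
    @RolesAllowed("admin")
    public void closeAccount(String accountId) {
        balances.remove(accountId);
    }

    // Coarse declarative gate, then a finer programmatic rule the annotations cannot express:
    // tellers may see ordinary accounts but not VIP ones.
    @RolesAllowed({"admin", "teller"})
    public long balance(String accountId) {
        boolean vip = accountId.startsWith("VIP-");
        if (vip && !ctx.isCallerInRole("admin")) {
            throw new EJBAccessException("caller " + ctx.getCallerPrincipal().getName()
                    + " may not view VIP accounts");
        }
        Long value = balances.get(accountId);
        if (value == null) {
            throw new IllegalArgumentException("unknown account " + accountId);
        }
        return value;
    }

    // Anyone the container has authenticated (or the anonymous caller, depending on
    // configuration) may call this.
    @PermitAll
    public String serviceVersion() {
        return "1.0";
    }

    // Kept on the interface for old clients but unreachable through the container.
    @DenyAll
    public Map<String, Long> dumpAllAccounts() {
        return new HashMap<>(balances);
    }
}
```

Note that the mapping from the declared roles to actual users or groups is not in the bean at all; it lives in the vendor-specific deployment descriptor of whichever application server you deploy to, which is exactly why the EJB model knows nothing about file or property permissions: it only ever answers "may this caller invoke this method".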
 
Luke Murphy
Ranch Hand
Posts: 300
4. Because the authorisation in JAAS uses the policy / permission framework, it works on a jar file level, whereas the EJB annotations can of course be much more fine grained.
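An added example for points 1, 2 and 4 (not from the original posts): the JAAS side, where the protected work is a PrivilegedAction, the policy decides per code location and per Principal, and the permission being checked is one of the platform's own (reading the user.home system property). The class name JaasVsEjbAuthz, the user names "alice" and "bob", and the policy file demo.policy are constructed for this illustration; com.sun.security.auth.UserPrincipal is a real JDK class used here as a convenient Principal implementation.

```java
// JaasVsEjbAuthz.java: constructed illustration, not from the original thread.
// Needs a SecurityManager at run time: this works on Java 8 through 23 (with a
// deprecation warning from 17 on) and is permanently disabled as of Java 24.
//
// demo.policy (constructed), saved next to the compiled class:
//
//   // jar / code-location granularity: everything loaded from this directory
//   grant codeBase "file:${user.dir}/-" {
//       permission javax.security.auth.AuthPermission "modifyPrincipals";
//       permission javax.security.auth.AuthPermission "doAsPrivileged";
//   };
//   // principal granularity: only code running as "alice" may read user.home
//   grant principal com.sun.security.auth.UserPrincipal "alice" {
//       permission java.util.PropertyPermission "user.home", "read";
//   };
//
// Compile and run from the directory holding both files:
//   javac JaasVsEjbAuthz.java
//   java -Djava.security.manager -Djava.security.policy==demo.policy JaasVsEjbAuthz
import java.security.AccessControlException;
import java.security.PrivilegedAction;

import javax.security.auth.Subject;

import com.sun.security.auth.UserPrincipal;

public class JaasVsEjbAuthz {

    /**
     * Runs the privileged work as the given user. Note what is NOT here: no role check,
     * no if/else on the user name. The JVM policy decides from the code's location and
     * the Subject's principals whether the PropertyPermission is held.
     */
    static String readHomeDirAs(String userName) {
        Subject subject = new Subject();
        subject.getPrincipals().add(new UserPrincipal(userName)); // needs AuthPermission "modifyPrincipals"

        // The work that requires a privilege is wrapped in a PrivilegedAction (point 1).
        PrivilegedAction<String> action = () -> System.getProperty("user.home");

        try {
            // null context: only the action's own code and the Subject's principals are consulted.
            return Subject.doAsPrivileged(subject, action, null); // needs AuthPermission "doAsPrivileged"
        } catch (AccessControlException e) {
            // The permission model is the platform's (point 2): the denial names a
            // java.util.PropertyPermission, not a business method.
            return "DENIED (" + e.getPermission() + ")";
        }
    }

    public static void main(String[] args) {
        if (System.getSecurityManager() == null) {
            System.err.println("No SecurityManager installed; every call below will succeed.");
        }
        System.out.println("alice -> " + readHomeDirAs("alice")); // prints the home directory
        System.out.println("bob   -> " + readHomeDirAs("bob"));   // prints DENIED (...)
    }
}
```

Compare the two grant blocks: the first applies to every class under one code location, which is the "jar file level" of point 4, and the second to every class run on behalf of one principal. Neither can say "this method but not that one" the way @RolesAllowed can; conversely, @RolesAllowed cannot say "may read this property but not that file". The practical caveat is the run-time dependency on the SecurityManager: code written against this model stops being enforced on current JDKs, so an application that relied on it for authorisation needs another control.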
 