I am building a web application for Websphere 4.0.x
I need a general purpose Access Control List (ACL) solution.
Does IBM provide an ACL API?
Does Webpshere have an ACL API?
Do you use ACL's? What API do you use?
---
Access Control Lists (ACL)
ACL API's, ACL implementations
http://jakarta.apache.org/turbine/fulcrum/apidocs/org/apache/fulcrum/security/entity/package-summary.html http://jakarta.apache.org/turbine/fulcrum/apidocs/org/apache/fulcrum/security/util/package-summary.html http://www.opensymphony.com/osuser/ http://www.opensymphony.com/osaccess/ Access control list package: java.security.acl
Classes:
javax.security.auth.Subject
java.security.Principal
java.security.acl.Owner
java.security.acl.Acl
java.security.acl.AclEntry
java.security.acl.Group
BEA WebLogic Server:
http://edocs.bea.com/wls/docs81/secmanage/index.html BEA writes {{ "In WebLogic Server 6.x, access control lists (ACLs) and permissions were used to protect WebLogic resources. In this release of WebLogic Server, security policies replace ACLs and permissions. Security policies answer the question "who has access" to a WebLogic resource. A security policy is created when you define an association between a WebLogic resource and a user, group, or security role. You can also optionally associate a time constraint with a security policy. A WebLogic resource has no protection until you assign it a security policy.
Creating security policies is a multi-step process with many options. To fully understand this process, read Securing WebLogic Resources. This document should be used in conjunction with Managing WebLogic Security to ensure security is completely configured for a WebLogic Server deployment. }}