----- Original Message -----
From: Gerhard Froehlich <[EMAIL PROTECTED]>
To: Jakarta Commons Developers List <[EMAIL PROTECTED]>
Sent: Saturday, February 23, 2002 1:18 PM
Subject: RE: [simplestore] alt. not JDBC Storage and AccessControl [was:
AccessControl]
> Juozas,
>
> >As I understand you are working on security.
>
> ;) I try. Some questions:
> Acl => List which holds to each Principal a Set of AclEntry's
> AclEntry => entry in an Access Control List
> Permission => used to grant a particular type of access
> to a resource
> Principal => used to represent any entity, such as an
> individual, a corporation, and a login id.
>
> For me the Acl is a simple Hashmap, which holds for each
> Prinicpal a Set of AclEntry's. Key is the Principal and
> value is a Set of AclEntry's.
> There are two AclEntry with one READ and one WRITE Permission.
>
> In our case each Acl contains ony one AclEntry for an Principal,
> either READ or WRITE .
>
> What do you think?
Yes, it must be trivial to implement. A single problem is login , I don't
see any
authentication in Acl we must usesomething this kind :
AuthenticationManager.login("user","password");
object.setSomething(something);//throws security exception if "user" has no
permission on method
// or some pluged AuthorizationManager
decides to throw this;
login implementation :
login(String user, String password){
// weak keys, not values !!!
weakMap.put(Thread.currentThread(), new PrincipalImpl(user));
}
Principal currentPrincipal(){
return (Principal)weakMap.get(Thread.currentThread());
}
// code in proxy :
invoke(......){
Principal p = AuthenticationManager.currentPrincipal(); // null if not
authenticated
check(p, .....);
<scip>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
