roman seidl wrote:
> 
> Hello Rickard,
> 
> Wednesday, July 12, 2000, 10:41:45 AM, you wrote:
> 
> >> How does JAAS map to the Object level - Isn't it intended to be used
> >> mainly rather with files than with objects? How would a JAAS API and a
> >> object function call match?
> RÖ> JAAS allows us to authenticate the caller. This information can then be
> RÖ> used to implement the security as defined in the EJB spec.
> So I could use JAAS to set a rule for a user depending on the object
> the rule is applied to?
> Or is it for authentication only?
My thought is that there really ought to be separate authentication and
authorization. There could be JAAS implementations of either, but I
really think that JAAS is much stronger on the Authentication side than
the Authorization side. (based on a quick reading of spec and API doco,
not actual in depth knowledge (yet))

> 
> I'd really need a security system that allows granting rights on an
> instance level. 
Not as unusual as certain specs might lead you to believe. One problem
here is that the EJB spec defines security over a bean's method, not
including the primary key (or any other way to indicate the bean
instance you care about).
You could do something like define roles based on the PK of the bean you
need (ShipCaption_LandLubber, where 'LandLubber' is the PK value of an
instance of ShipBean), then have sessions call isUserInRoll. This is
really rather cheesy and non-scalable, however.

> If there are any ideas on how to implement it I'd really
> like to get to know them.
Me too, since I'm listed as working on it 8^}) 
I'm just getting to the end of a sprint at work and should be able to
start thinking about it.

> 
> RÖ> Not out just yet. Coming to a mailing list near you really soon though
> RÖ> :-)
> 
> Maybe a draft should be submitted - I want information :)
> 
> mfg
> roman
> --
> -------------------------------------------------------------------
> Roman Seidl                                   Design & Developement
> -------------------------------------------------------------------
> Public Voice Lab                       Operngasse 24, A-1040 Vienna
> Tel.: +43-1-585 22 80/23                   Fax:  +43-1-585 22 80/99
> e-mail: [EMAIL PROTECTED]                                  web: www.pvl.at
> -------------------------------------------------------------------
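
An added example, not part of the original thread and not jBoss code: one way to keep authentication (a JAAS `Subject`) separate from an instance-level authorization check keyed on the bean's primary key, instead of folding the key into a role name. `InstanceAcl`, `Grant`, the principal name and the action names are hypothetical; `ShipBean` and `LandLubber` are taken from the message above.

```java
import java.security.Principal;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;

// Added illustration with hypothetical names (needs Java 16+ for records).
public class InstanceAclDemo {

    // One grant = (who, bean type, primary key of the instance, action).
    record Grant(String principal, String beanType, Object primaryKey, String action) {}

    static final class InstanceAcl {
        private final Set<Grant> grants = new HashSet<>();

        void grant(String principal, String beanType, Object pk, String action) {
            grants.add(new Grant(principal, beanType, pk, action));
        }

        // Default deny: allowed only if some principal of the authenticated
        // Subject holds a grant for exactly this instance and this action.
        boolean isAllowed(Subject caller, String beanType, Object pk, String action) {
            if (caller == null) {
                return false;
            }
            for (Principal p : caller.getPrincipals()) {
                if (grants.contains(new Grant(p.getName(), beanType, pk, action))) {
                    return true;
                }
            }
            return false;
        }
    }

    public static void main(String[] args) {
        // Stands in for the Subject a JAAS login would produce (authentication).
        Subject alice = new Subject();
        alice.getPrincipals().add((Principal) () -> "alice");

        // Authorization data lives apart from the login and is keyed by PK.
        InstanceAcl acl = new InstanceAcl();
        acl.grant("alice", "ShipBean", "LandLubber", "setCourse");

        // Same caller, same method: the decision depends on the instance.
        System.out.println(acl.isAllowed(alice, "ShipBean", "LandLubber", "setCourse"));
        System.out.println(acl.isAllowed(alice, "ShipBean", "BlackPearl", "setCourse"));
        // Same instance, different action: not granted, so denied.
        System.out.println(acl.isAllowed(alice, "ShipBean", "LandLubber", "scuttle"));
    }
}
```

The grant set grows with the number of grants rather than requiring a new declared role for every bean instance.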
