i'm working/analysing a perms architecture for an implementation on brock
(enhydra). i've been pointed to jboss, which apparently implemented a dynamic
jaas module with a DB back end.

i've been exploring how to do this and wonder if anyone could point me to the
strategy and code which achieves this. i've in a sense, figured a way with the
standard java2 security grants to use an RDBMS or LDAP backing store instead of a
flat file by implementing a custom PolicyFile implementation. Implementation of
a custom/dynamic policyfile seems to help alleviate the dynamic updates/config of
the java2 specific java policy security. however, how would one achieve this with
the new format of the jaas.policy type file?

With JAAS, how/where/what would you do to update that grant entry? I see no
place with Jaas where it mentions the ability to change the policy configuration
from a flat file to a RDBMS or LDAP or whatever?

for example, currently, let's say you had some role Foo, with a specific
featurePermission (i'm just making this up) from a jaas demo i wrote a while
back.

grant Principal com.foo.principal.Admin {
   com.foo.feature.permission.UpdateUser "read,write";
}

with jaas, my "admin" user logs in and via the LoginModule, an associated Admin
principal is added to its Subject. So let's say in an admin module, the update
user has a check permission, if this user is in a context that has that
permission, we can access/run the method.

void updateUser(){
  AccessController.getContext().checkPermission(
      new com.foo.feature.permission.UpdateUser());
}

My question would be if we want to add a new "permission" to the Admin Principal we
dynamically create, say DeleteUser. Say for simplicity, we already had the method
deleteUser with the checkPermission, but it wasn't in the jaas.policy grant above.







Rich                          

4Charity.com
http://www.4charity.com  
ph: 866-585-6164
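
The situation described in the message above, as an added example that is not part of the original post and is not JBoss code: a Policy whose Principal grants live in a mutable store, so DeleteUser can be granted to Admin at runtime without touching a policy file. It assumes the java.security.Policy API of J2SE 1.4 and later (where JAAS was merged into the core), uses an in-memory map as a stand-in for the RDBMS/LDAP lookup, and queries the policy directly instead of installing it; Admin, FeaturePermission and StorePolicy are hypothetical names.

```java
import java.security.*;
import java.util.*;
import java.util.concurrent.*;

/** Added example: Principal-based grants held in a mutable store instead of a flat file. */
public class StorePolicyDemo {
    // Hypothetical role principal and feature permission, modelled on the post's names.
    static final class Admin implements Principal {
        public String getName() { return "Admin"; }
    }
    static final class FeaturePermission extends BasicPermission {
        FeaturePermission(String name) { super(name); }
    }

    static final class StorePolicy extends Policy {
        // Principal class name -> granted permissions; a real version would query the DB here.
        private final Map<String, Set<Permission>> grants = new ConcurrentHashMap<>();

        void grant(String principalClass, Permission p) {
            grants.computeIfAbsent(principalClass, k -> ConcurrentHashMap.newKeySet()).add(p);
        }

        @Override
        public boolean implies(ProtectionDomain domain, Permission wanted) {
            // Subject.doAs places the Subject's principals on the ProtectionDomain.
            for (Principal who : domain.getPrincipals()) {
                Set<Permission> held =
                    grants.getOrDefault(who.getClass().getName(), Collections.emptySet());
                for (Permission p : held) {
                    if (p.implies(wanted)) return true;
                }
            }
            return false; // default deny: nothing in the store, no access
        }
    }

    public static void main(String[] args) {
        StorePolicy policy = new StorePolicy();
        policy.grant(Admin.class.getName(), new FeaturePermission("UpdateUser"));
        // Constructed domain carrying the Admin principal, as a logged-in Subject's would.
        ProtectionDomain admin =
            new ProtectionDomain(null, null, null, new Principal[] { new Admin() });
        Permission delete = new FeaturePermission("DeleteUser");
        System.out.println("before grant: " + policy.implies(admin, delete));
        policy.grant(Admin.class.getName(), delete); // runtime update, no policy file edit
        System.out.println("after grant:  " + policy.implies(admin, delete));
    }
}
```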




