JAAS has its own Policy object: javax.security.auth.Policy that allows you to
integrate arbitrary sources of subject-based security and you can make this
as dynamic as you want. In the new JBossSX framework there is an implementation
of this class that externalizes the subject-based permissions into an interface that
allows you to hook up to XML (the default), LDAP or a database. See the JBossSX
docs come Monday.
----- Original Message -----
From: "Rich A. Schiavi" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 02, 2001 7:23 AM
Subject: [jBoss-User] dynamic jaas: db implementation
>
> i'm working/analysing a perms architecture for an implementation on brock
> (enhydra). i've been pointed to jboss, which apparently implemented a dynamic
> jaas module with a DB back end.
>
> i've been exploring how to do this and wonder if anyone could point me to the
> strategy and code which achieves this. i've in a sense, figured a way with the
> standard java2 security grants to use a RDBMS or LDAP backing store instead of a
> flat file by implementing a custom PolicyFile implementation. Implementation of
> a custom/dynamic policyfile seems to help alleviate the dynamic updates/config of
> the java2 specific java policy security. however, how would one achieve this
> with the new format of the jaas.policy type file?
>
> With JAAS, how/where/what would you do to update that grant entry? I see no
> place with Jaas where it mentions the ability to change the policy configuration
> from a flat file to a RDBMS or LDAP or whatever?
>
> for example, currently, let's say you had some role Foo, with a specific
> featurePermission (i'm just making this up) from a jaas demo i wrote a while
> back.
>
> grant Principal com.foo.principal.Admin {
> com.foo.feature.permission.UpdateUser "read,write";
> }
>
> with jaas, my "admin" user logs in and via the LoginModule, an associated Admin
> principal is added to its Subject. So let's say in an admin module, the update
> user has a check permission, if this user is in a context that has that
> permission, we can access/run the method.
>
> void updateUser() {
>     AccessController.getContext().checkPermission(new com.foo.feature.permission.UpdateUser());
> }
>
> My question would be if we want to add a new "permission" to the Admin Principal we
> dynamically create, say DeleteUser. Say for simplicity, we already had the method
> deleteUser with the checkPermission, but it wasn't in the jaas.policy grant above.
>
> Rich
>
> 4Charity.com
> http://www.4charity.com
> ph: 866-585-6164
>
> --
> --------------------------------------------------------------
> To subscribe: [EMAIL PROTECTED]
> To unsubscribe: [EMAIL PROTECTED]
>
>
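
The approach described in the reply, as an added example that is not JBossSX code and not part of the original thread: a javax.security.auth.Policy subclass that reads subject-based grants from a pluggable store on every check. PermissionStore, Admin and FeaturePermission are hypothetical names, the in-memory map is a constructed stand-in for a database table, and the code targets the JAAS-era API (javax.security.auth.Policy, deprecated since Java 1.4 in favor of java.security.Policy).

```java
import java.security.*;
import java.util.*;
import javax.security.auth.Subject;

// Hypothetical lookup interface: implement it over JDBC, LDAP or XML.
interface PermissionStore {
    List<Permission> permissionsFor(Principal p);
}

// Constructed stand-ins for the Admin principal and feature permissions in the question.
class Admin implements Principal {
    public String getName() { return "admin"; }
}
class FeaturePermission extends BasicPermission {
    FeaturePermission(String name) { super(name); }
}

public class StorePolicy extends javax.security.auth.Policy {
    private final PermissionStore store;
    public StorePolicy(PermissionStore store) { this.store = store; }

    // Nothing is cached, so a change in the store applies to the next check.
    public PermissionCollection getPermissions(Subject subject, CodeSource cs) {
        Permissions granted = new Permissions(); // empty collection = deny by default
        if (subject == null) return granted;
        for (Principal p : subject.getPrincipals())
            for (Permission perm : store.permissionsFor(p))
                granted.add(perm);
        return granted;
    }
    public void refresh() { } // no cache to reload

    public static void main(String[] args) {
        // In-memory rows keyed by principal class name, standing in for a table.
        final Map<String, List<Permission>> rows = new HashMap<String, List<Permission>>();
        rows.put(Admin.class.getName(), new ArrayList<Permission>(
                Arrays.asList(new FeaturePermission("UpdateUser"))));
        StorePolicy policy = new StorePolicy(new PermissionStore() {
            public List<Permission> permissionsFor(Principal p) {
                List<Permission> r = rows.get(p.getClass().getName());
                return r == null ? Collections.<Permission>emptyList() : r;
            }
        });
        Subject subject = new Subject();
        subject.getPrincipals().add(new Admin());
        Permission delete = new FeaturePermission("DeleteUser");
        // Check before the DeleteUser row exists, then again after adding it.
        System.out.println(policy.getPermissions(subject, null).implies(delete));
        rows.get(Admin.class.getName()).add(delete); // what an admin tool's INSERT would do
        System.out.println(policy.getPermissions(subject, null).implies(delete));
    }
}
```

To have JAAS consult it, install the instance with javax.security.auth.Policy.setPolicy, which requires AuthPermission "setPolicy"; write access to the backing store then becomes as sensitive as write access to the policy file was.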