Read Scott Stark's paper on advanced security/security proxies, linked from
the JBoss website.  It's an unbelievably elegant solution to this kind of
problem.

david jencks

On 2001.10.09 19:12:43 -0400 Joel Boehland wrote:
> Hi,
> I'm hoping to get some feedback from the JBoss crew on
> how folks are implementing fine-grained security
> access on their application objects. I understand how
> to use JAAS and EJB security to provide coarse grained
> security (For instance, making the call to the
> removeUser() method in a SessionBean be mapped to the
> "admin" role), but I'm wondering how folks are
> implementing security on a per-object basis, or state
> dependent basis. For instance, let's say you have a
> Document EJB with a content field. You have a method
> editContent(String newContent), that you want to
> restrict to owners/editors of that particular document
> EJB. How are folks implementing security access like
> this? 
> 
> One way I have thought of, using JBOSS+JAAS would be
> to create a role:
> "DOCUMENT_EDITOR.<document-id>" for every document
> object. So, if a user created a new Document EJB, with
> an id of 456, I would enter a role:
> "DOCUMENT_EDITOR.456" into the roles table and map it
> to that user's Principal object. Then in the Document
> EJB editContent() method I would have:
> 
> public void editContent(String newContent) {
>   long id = getId(); // get the id for this bean
>   String requiredRole = "DOCUMENT_EDITOR." + id;
>
>   // ejbContext: the EntityContext (or SessionContext) saved by the set*Context() callback
>   if (ejbContext.isCallerInRole(requiredRole)) {
>     // allow the edit...
>   } else {
>     // deny: SecurityException is unchecked, so no throws clause is needed
>     throw new SecurityException("caller is not in role " + requiredRole);
>   }
> }
> 
> 
> What do folks think of this approach? Any other
> ideas/implementations? Are there any standard J2EE
> access-control api's out there that I'm not aware of?
> I'd like to get some feedback on this before I commit
> to an implementation, so if anybody has any other
> ideas, links to docs, etc, I'd appreciate it.
> 
> 
> Thanks!
> --Joel
> 

_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
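As an added illustration, not code from either message and not JBoss's own SecurityProxy API, the plain Java sketch below contrasts the two ways of guarding a per-document operation that the thread discusses: the one-role-per-document scheme proposed in the quoted message, and a state-dependent check that compares the caller's principal name with the owner/editor list stored on the document itself, applied from a proxy object that runs before the business method, which is the shape a security proxy takes. All names (`Document`, `RoleStore`, `EditGuard`, `PerObjectAuthDemo`) are hypothetical and there is no container: the caller identity is passed in explicitly where a bean would call `EJBContext.getCallerPrincipal()` or `isCallerInRole()`. One caveat worth keeping in mind when weighing the first approach: the EJB specification requires every role name handed to `isCallerInRole()` to be declared as a `security-role-ref` in the deployment descriptor, so a role string generated per document id is outside what the standard API guarantees to resolve, and the roles table grows with the number of documents rather than the number of users. The second approach keeps the authorization data with the object it protects.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/** Hypothetical stand-in for the Document EJB's persistent state. */
final class Document {
    final long id;
    final String owner;                       // principal name of the creator
    final Set<String> editors = new HashSet<>(); // principal names allowed to edit
    String content = "";

    Document(long id, String owner) { this.id = id; this.owner = owner; }

    /** The unguarded business method; a guard must run before it. */
    void setContent(String newContent) { this.content = newContent; }
}

/** Approach 1 (from the quoted message): one synthetic role per document. */
final class RoleStore {
    private final Map<String, Set<String>> rolesByPrincipal = new HashMap<>();

    /** Constructed in-memory roles table standing in for the JAAS roles table. */
    void grant(String principal, String role) {
        rolesByPrincipal.computeIfAbsent(principal, p -> new HashSet<>()).add(role);
    }

    /** Mirrors EJBContext.isCallerInRole(), minus the security-role-ref lookup. */
    boolean isCallerInRole(String principal, String role) {
        return rolesByPrincipal.getOrDefault(principal, Collections.emptySet()).contains(role);
    }

    static String editorRole(long docId) { return "DOCUMENT_EDITOR." + docId; }
}

/** Approach 2: a proxy that decides from the document's own state. */
final class EditGuard {
    private final Document doc;
    EditGuard(Document doc) { this.doc = doc; }

    /** Ownership check: the caller must be the owner or a listed editor. */
    boolean mayEdit(String caller) {
        return doc.owner.equals(caller) || doc.editors.contains(caller);
    }

    /** Fails closed: only a permitted caller reaches the business method. */
    void editContent(String caller, String newContent) {
        if (!mayEdit(caller)) {
            throw new SecurityException(caller + " may not edit document " + doc.id);
        }
        doc.setContent(newContent);
    }
}

public final class PerObjectAuthDemo {
    public static void main(String[] args) {
        // Constructed sample: document 456 owned by alice, with bob as an editor.
        Document doc = new Document(456, "alice");
        doc.editors.add("bob");

        // Approach 1: the roles table gets one entry per (user, document) pair.
        RoleStore roles = new RoleStore();
        roles.grant("alice", RoleStore.editorRole(doc.id));
        roles.grant("bob", RoleStore.editorRole(doc.id));
        System.out.println("role check, alice: "
            + roles.isCallerInRole("alice", RoleStore.editorRole(doc.id)));
        System.out.println("role check, mallory: "
            + roles.isCallerInRole("mallory", RoleStore.editorRole(doc.id)));

        // Approach 2: the check reads the document, so no per-document role exists.
        EditGuard guard = new EditGuard(doc);
        guard.editContent("bob", "edited by bob");
        System.out.println("content now: " + doc.content);
        try {
            guard.editContent("mallory", "defaced");
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```

In a real deployment the `EditGuard` logic would sit in whatever interception point the container offers (in JBoss, a security proxy class whose methods mirror the bean's), and `caller` would come from `getCallerPrincipal().getName()` rather than a method parameter; the point of the sketch is only that the decision depends on the target object's state, not on a role name that must be minted for every new instance.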
