Oops, actually this is chapter 9 (jbosssx) of the manual.
On 2001.10.09 20:31:28 -0400 David Jencks wrote:
> Read Scott Stark's paper on advanced security/security proxies, linked
> from the JBoss website. It's an unbelievably elegant solution to this
> kind of problem.
>
> david jencks
>
> On 2001.10.09 19:12:43 -0400 Joel Boehland wrote:
> > Hi,
> > I'm hoping to get some feedback from the JBoss crew on
> > how folks are implementing fine-grained security
> > access on their application objects. I understand how
> > to use JAAS and EJB security to provide coarse-grained
> > security (for instance, making the call to the
> > removeUser() method in a SessionBean be mapped to the
> > "admin" role), but I'm wondering how folks are
> > implementing security on a per-object basis, or state
> > dependent basis. For instance, let's say you have a
> > Document EJB with a content field. You have a method
> > editContent(String newContent), that you want to
> > restrict to owners/editors of that particular document
> > EJB. How are folks implementing security access like
> > this?
> >
> > One way I have thought of, using JBOSS+JAAS would be
> > to create a role:
> > "DOCUMENT_EDITOR.<document-id>" for every document
> > object. So, if a user created a new Document EJB, with
> > an id of 456, I would enter a role:
> > "DOCUMENT_EDITOR.456" into the roles table and map it
> > to that user's Principal object. Then in the Document
> > EJB editContent() method I would have:
> >
> > public void editContent(String newContent) {
> >     long id = getId(); // get the id for this bean
> >     String requiredRole = "DOCUMENT_EDITOR." + id;
> >
> >     if (ejbContext.isCallerInRole(requiredRole)) {
> >         // allow the edit...
> >     } else {
> >         // throw some access exception here...
> >     }
> > }
> >
> >
> > What do folks think of this approach? Any other
> > ideas/implementations? Are there any standard J2EE
> > access-control APIs out there that I'm not aware of?
> > I'd like to get some feedback on this before I commit
> > to an implementation, so if anybody has any other
> > ideas, links to docs, etc, I'd appreciate it.
> >
> >
> > Thanks!
> > --Joel
> >
> > _______________________________________________
> > JBoss-user mailing list
> > [EMAIL PROTECTED]
> > https://lists.sourceforge.net/lists/listinfo/jboss-user
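
One way to keep the per-document check from the question out of the bean method itself, added here as an example and not taken from the thread, the JBoss manual or the paper it mentions. It uses a plain JDK dynamic proxy rather than the JBoss security proxy mechanism; `Document`, `DocumentImpl`, `secure` and the `editors` map are hypothetical names, and the caller name stands in for the authenticated principal.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Proxy;
import java.util.Map;
import java.util.Set;

public class PerObjectAccessDemo {
    // Hypothetical business interface, modelled on the Document bean in the question.
    interface Document {
        long getId();
        void editContent(String newContent);
        String getContent();
    }
    static class DocumentImpl implements Document {
        private final long id;
        private String content = "";
        DocumentImpl(long id) { this.id = id; }
        public long getId() { return id; }
        public void editContent(String newContent) { content = newContent; }
        public String getContent() { return content; }
    }
    // Wraps a Document so editContent() succeeds only for that document's editors.
    static Document secure(Document target, String caller, Map<Long, Set<String>> editors) {
        InvocationHandler check = (proxy, method, args) -> {
            if (method.getName().equals("editContent")
                    && !editors.getOrDefault(target.getId(), Set.of()).contains(caller)) {
                throw new SecurityException(caller + " may not edit document " + target.getId());
            }
            try {
                return method.invoke(target, args);
            } catch (InvocationTargetException e) {
                throw e.getCause(); // surface the bean's own exception, not the wrapper
            }
        };
        return (Document) Proxy.newProxyInstance(
                Document.class.getClassLoader(), new Class<?>[] {Document.class}, check);
    }
    public static void main(String[] args) {
        Map<Long, Set<String>> editors = Map.of(456L, Set.of("joel")); // constructed sample data
        Document doc = new DocumentImpl(456);
        secure(doc, "joel", editors).editContent("v2");
        try {
            secure(doc, "mallory", editors).editContent("v3");
        } catch (SecurityException denied) {
            System.out.println("denied: " + denied.getMessage());
        }
        System.out.println(doc.getContent());
    }
}
```

The lookup is keyed on the document id at call time, so granting or revoking an editor is a data change in one place instead of a new role name per document.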