Re: jdo security revamped proposal

Mon, 05 Nov 2007 16:12:38 -0800 

Hi Erik,
While I think this is an ingenious use of Java platform security, I can't see it in the 2.1 timeframe. 


Even if we consider it for a later release, I am not convinced that  
this should be **the** way to secure PC instances.  This proposal  
doesn't clearly address, IMHO, the case where you may want to support  
a use case wherein a domain object itself represents a principal, so  
that you can dynamically assign permissions at runtime.  For example,  
I don't see how you can use this proposal to enforce that the User  
instance associated with Person "Bob" represents a principal, and  
when the principal of the security context of the current thread is  
Bob's User instance, he can access all salary and wage fields of all  
Employment instances.



Further, is there a way to explicitly **deny** access to a particular  
PC?  For example, I don't see how you can use this proposal to  
enforce that the User instance associated with Person "Bob"  
represents a principal, and when the principal of the security  
context of the current thread is Bob's User instance, he can access  
all salary and wage fields of all Employment instances except those  
associated with Employee instances associated with Person instances  
"Sally" and "Joe".



As a bit of positive feedback, I would suggest ditching XPath for  
some kind of "OPath" (JDOPath?) that supports indexing collections  
and maps (dots instead of slashes, square bracket operators for list/ 
map indexing).


-matthew

On Nov 5, 2007, at 12:14 PM, Erik Bengtson wrote:


Hi,

After negative feedback, I have a different proposal for securing JDO
resources.

Different from my initial proposal using declarative security  
(XML), here I

propose using the standard java security.
The example is self-explaining:

--- Persistent Class sample:
package com.petstore;

class Pet
{
   String name;
}

--- Security policy sample:

grant principal "bart"
{

permission javax.jdo.spi.JDODataPermission "/com/petstore/Pet 
[EMAIL PROTECTED]'dog']",

"read,write";
}

grant
{
permission javax.jdo.spi.JDODataPermission "/com/package", "read";

permission javax.jdo.spi.JDODataPermission "/com/petstore/Pet",  
"read";

};

--- javax.jdo.spi.JDODataPermission:

javax.jdo.spi.JDODataPermission(String name, String actions);


--- PMF/System property that will enable/disable security checks by  
the JDO

implementation
javax.jdo.security.manager=false|true

The only particularity of my proposal is the name argument for
JDODataPermission that uses Xpath.

Regards,
































					Reply via email to