Hi Rick
This is dependant on OpenJDK creating hooks in JVM code for existing
permission's without depending existing Security infrastructure.
The major components can be found here, also available on Maven:
https://github.com/pfirmstone/JGDMS/blob/trunk/JGDMS/jgdms-platform/src/main/java/net/jini/security/Security.java
https://github.com/pfirmstone/JGDMS/blob/trunk/JGDMS/jgdms-platform/src/main/java/net/jini/security/SecurityContext.java
https://github.com/pfirmstone/JGDMS/blob/trunk/JGDMS/jgdms-platform/src/main/java/org/apache/river/api/security/CombinerSecurityManager.java
https://github.com/pfirmstone/JGDMS/blob/trunk/JGDMS/jgdms-platform/src/main/java/org/apache/river/api/security/ConcurrentPolicyFile.java
https://github.com/pfirmstone/JGDMS/blob/trunk/JGDMS/tools/security-policy-debug/src/main/java/org/apache/river/tool/SecurityPolicyWriter.java
Regards,
Peter.
On 17/06/2021 1:00 am, Rick Hillegas wrote:
Thanks, Peter. Derby supports a couple authorization mechanisms, the
most important one being the role-based SQL Standard GRANT/REVOKE
commands (see
https://db.apache.org/derby/docs/10.15/security/csecauthorization.html).
I'm afraid that my old eyes didn't see a link to your authorization
libraries in your message.
On 6/15/21 5:23 PM, Peter Firmstone wrote:
Rick,
Out of curiosity, does Apache Derby have a need for an Authorization
layer?
We have tooling to generate our policy files, which simplifies the
process a lot, we also have highly scalable and performant
SecurityManager and Policy implementations which are compatible with
standard Java policy files.
This is available under an AL2.0 license.
I'm hoping that OpenJDK will create some hooks for permission checks,
so that we can continue to provide an authorization layer for Java,
following JEP 411.
I'll be using StackWalker to reproduce AccessController's stack
walk. We also have existing classes which wrap
AccessControlContext, so we would use ThreadLocal's to preserve subject.
--
Regards,
Peter Firmstone
0498 286 363
Zeus Project Services Pty Ltd.