
JAAS and functional security ?


I've always liked JAAS as it provides for a pluggable login mechanism. The exact same code is used for login to LDAP, NT, Kerberos, passwd files, proprietary systems A, B, C etc. That's beautiful ;)

The only thing I'm really missing is good usages of the SecurityManager, Subject, Principal and Credentials classes/concepts. I can find loads of articles talking about the pluggable architecture, the ClassLoader protection and encryption support of JAAS - but no real articles about how one would go about doing something like:

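    public List<Drug> findDrugs(String x, String y, String z) {
        checkPermission("MayFindDrugs"); // throws if the caller may not search
        List<Drug> result = new ArrayList<>();
        for (Drug drug : performSearch(x, y, z)) {
            // hasPermission: assumed non-throwing, boolean form of checkPermission
            if (!drug.isNarcotic() || hasPermission("MayPrescribeNarcotics")) {
                result.add(drug);
            }
        }
        return result;
    }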

In other words - how would one set up JAAS and all its "cousin" classes, policy file etc. to provide FUNCTIONAL security?

Also, the current file-based policy system seems too restrictive, simple and unmanageable; isn't there any good example of a good, clean and flexible policy "provider"?

And is JAAS the right tool for the job? (I hope so, as it seems to have all the needed parts...)

Maybe I'm just not seeing the forest for all the trees - but I just can't seem to find it... maybe I haven't got the right Credentials yet? ;-)
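
One way to get the function-level checks the post asks about, as an added example that is not from the original post: the Principals on a JAAS Subject are matched against an in-memory role-to-permission map, with no SecurityManager or policy file involved. FunctionPermission, Role, Drug, POLICY and the role names are assumptions, the Subject is built by hand where a LoginContext would normally supply it, and records require Java 16 or later.

```java
import java.security.*;
import java.util.*;
import javax.security.auth.Subject;

public class FunctionalSecurityDemo { // every name in this class is hypothetical
    static final class FunctionPermission extends BasicPermission { FunctionPermission(String n) { super(n); } }
    record Role(String name) implements Principal {
        public String getName() { return name; }
    }
    record Drug(String name, boolean narcotic) {}

    // In-memory stand-in for a policy provider: role name -> granted permissions.
    static final Map<String, Permissions> POLICY = new HashMap<>();

    static void grant(String role, String... functions) {
        Permissions ps = POLICY.computeIfAbsent(role, r -> new Permissions());
        for (String f : functions) ps.add(new FunctionPermission(f));
    }

    // True if any Principal on the Subject has been granted the named function.
    static boolean hasPermission(Subject who, String function) {
        Permission wanted = new FunctionPermission(function);
        for (Principal p : who.getPrincipals()) {
            Permissions granted = POLICY.get(p.getName());
            if (granted != null && granted.implies(wanted)) return true;
        }
        return false; // default deny: unknown roles and ungranted functions
    }

    static List<Drug> findDrugs(Subject who, List<Drug> catalogue) {
        if (!hasPermission(who, "MayFindDrugs")) throw new SecurityException("MayFindDrugs denied");
        List<Drug> result = new ArrayList<>();
        for (Drug d : catalogue)
            if (!d.narcotic() || hasPermission(who, "MayPrescribeNarcotics")) result.add(d);
        return result;
    }

    public static void main(String[] args) {
        grant("nurse", "MayFindDrugs");
        grant("doctor", "MayFindDrugs", "MayPrescribeNarcotics");
        List<Drug> catalogue = List.of(new Drug("ibuprofen", false), new Drug("morphine", true)); // constructed data
        for (String role : List.of("nurse", "doctor", "visitor")) {
            Subject s = new Subject(); // normally the result of LoginContext.login()
            s.getPrincipals().add(new Role(role));
            try { System.out.println(role + " -> " + findDrugs(s, catalogue)); }
            catch (SecurityException e) { System.out.println(role + " -> " + e.getMessage()); }
        }
    }
}
```

Replacing the POLICY map with a lookup against a database or directory changes where grants are stored without touching the checks in findDrugs.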

