The largest Interview Solution Library on the web


java tutorials/
« Previous | 1 | 2 | 3 | Next »

Exploiting J2SE Security (2/4)


  • Example: Role as principals :

  • Mapping of principal to "role principals" happens in the JAAS login module

  • isCallerInRole() looks for the appropriate EJB role principal in the in the current thread

  • Typically, does the current caller have permission for this method?

  • Method dispatch authorization tests check, via checkPermission(), the corresponding MethodPermission

  • JAAS-like Syntax:

  • grant MethodPermission(ejb.account.withdraw) to RolePrincipal(customer)

  • grant MethodPermission(ejb.loan.borrow) to RolePrincipal(customer)
« Previous | 1 | 2 | 3 | Next »


copyright © 2014 - all rights riserved by javatechnologycenter.com