The largest Interview Solution Library on the web


java tutorials/
« Previous | 1 | 2 | 3 | Next »

Exploiting J2SE Security (4/4)


  • Example: Role as collection of permissions and credential

  • Role is granted a collection of permissions

  • isCallerInRole() done by checking if caller has access to appropriate RolePermission collection

  • Individual method permission test performed by searching the Role permission collections, granted to the subject, for a method permissions that matches desired operation

  • JAAS-like Syntax

  • define RolePermission (customer) as { MethodPermission(ejb.account.withdraw) MethodPermission(ejb.loan.borrow) ... }

  • grant RolePermission(customer) to sam
« Previous | 1 | 2 | 3 | Next »
copyright © 2014 - all rights riserved by javatechnologycenter.com