[Jboss-dev-forums] [Design of JBoss Portal] - Mimic Security Manager in JBoss Portal

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Julien was mentioning that it would be nice to have security checks made against the construction of portal resources like Page, Window etc.

So for example, when the portal core calls

  |     Window window = new WindowImpl();
  | 
  | or
  |  
  |     Page page = new PageImpl();
  | 

a check should be made to see if the user has the permissions for the construction of portal resources.

There is no requirement to use a java security manager for this.

Possible Solutions:
1) Use AOP to incorporate a security aspect.  (Julien's idea)
2) Use the concept of Security Proxy available in the JBossSX layer against EJB invocations.

Thoughts?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3920452#3920452

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3920452