[Jboss-dev-forums] [Design of Security on JBoss] - Re: jbpm process security

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Give some specific examples of more complicated authorization rules. Your choices are:

1. If the rules can be decomposed into a user having a set of roles, the existing JAAS mechanism can be used.
2. If the rules require more logic, but can be expressed using custom java.security.Permission objects, you can use the java.security.Policy mechanism to assign permissions to users and test the permissions using the Policy.implies check similar to how JACC works.
3. If the permission rules just don't fit Permissions, we need a new security service that layers on top of the others and employs a rules engine to help with the permissions evaluations.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3878552#3878552

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3878552