From: abelapurkar <nu...@jb...> - 2005-07-25 09:47:35
I essentially started with the "in-memory" JACC provider that comes out-of-the-box with JBoss 4.0.2 and enhanced it to include the mapping between the JACC Permission classes and the corresponding XACML constructs. (So, for example, the commit method was enhanced to include code for generating the XACML policy sets etc.) In my version of the provider, I've used the open source XACML implementation from Sun (http://sunxacml.sourceforge.net) as the underlying framework for the XACML constructs.

This framework provides, out-of-the-box, a very simple file-based policy finder module (intended for use only as a sample). I'm using this finder in my JACC provider. So, the XACML policy set(s) for applications are written out into flat files during app deployment; these files are then searched at policy enforcement time. A file-based approach is clearly not the most performant/scalable of options, and needs to be reworked.

An aside: while testing my provider, I noticed that unchecked WebUserDataPermission instances were not being generated for a deployed application as expected. Briefly, the problem seems to be as follows. Line # 180 of the file "WebPermissionMapping.java" reads while (roles.hasNext()). However, this loop is always skipped, since the roles Iterator is never re-initialized after the previous loop (line # 157) has completed its run. At first glance, it would seem that the way to fix this is to change line #179 to read roles = info.getTransportMethods(). However, after having made that change, I found that unchecked WebUserDataPermission instances were certainly getting generated, but not all of them seemed to be quite the right ones I was expecting. I've not had a chance to follow up on this point since. This needs to be revisited, to confirm whether there is indeed a problem.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3886350#3886350
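
The skipped-loop behaviour reported in the post above, as an added example that is not part of the original post and is not JBoss code: one Iterator variable is drained by a first loop and then reused as the condition of a second, so the second body never runs. The class name, method, permission strings and sample role/transport values are hypothetical; the example only shows why the loop is skipped and how to notice it at deployment time, and does not settle whether rebinding yields the correct permission set.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;

// Added illustration; the class, method and sample values are hypothetical,
// not taken from WebPermissionMapping.java.
public class ExhaustedIteratorDemo {

    // Mirrors the reported shape: one Iterator variable shared by two loops.
    static List<String> map(List<String> roleNames, List<String> transports,
                            boolean rebindBeforeSecondLoop) {
        List<String> generated = new ArrayList<>();

        Iterator<String> roles = roleNames.iterator();
        while (roles.hasNext()) {
            generated.add("role-permission:" + roles.next());
        }

        // After the loop above, roles.hasNext() stays false.
        if (rebindBeforeSecondLoop) {
            roles = transports.iterator();
        }
        while (roles.hasNext()) {
            // Skipped entirely unless the variable was rebound.
            generated.add("unchecked-user-data:" + roles.next());
        }
        return generated;
    }

    public static void main(String[] args) {
        // Constructed sample input.
        List<String> roleNames = Arrays.asList("admin", "user");
        List<String> transports = Arrays.asList("NONE", "CONFIDENTIAL");

        List<String> asReported = map(roleNames, transports, false);
        List<String> rebound = map(roleNames, transports, true);

        System.out.println("shared iterator:  " + asReported);
        System.out.println("rebound iterator: " + rebound);

        // Deployment-time check that surfaces the silent skip.
        long unchecked = asReported.stream()
                .filter(p -> p.startsWith("unchecked-user-data:")).count();
        if (unchecked == 0 && !transports.isEmpty()) {
            System.out.println("WARNING: no unchecked user-data permissions generated");
        }
    }
}
```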