Menu
▾
▴
[Jboss-dev-forums] [Design of Security on JBoss] - Re: Generalizing the JACC service
|
From: ErikEngerd2 <nu...@jb...> - 2005-08-10 18:16:46
|
Hi, Just had a look at the JACC specification and one thing I noticed is that this interface is a bit specific towards role based security and supporting the role based security model of J2EE. In addition, we also need a method for supporting JAAS based authorization in J2EE applications. That is, where the application defines custom security Permissions for itself. Just to give an example, I am considering to write a J2EE application that uses custom Permission objects to represent permissions to resources. The security model behind it might or might not be based on role based security. In other words, what I need is a custom set of Policy rules for a J2EE application in addition to those rules already in effect in my environment. This wouldn't be done in the form of a Policy replacement, of course, since it should be impossible to override server policies, but still a mechanism for this is needed. If I am correct, JACC only addresses the problem of supporting the current J2EE security model through JAAS and this aim is insufficient for my application. Cheers Erik View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3889312#3889312 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3889312 |
