security

 
Ranch Hand
Posts: 104
Hello,
I can't figure out how to make use of the security that comes with every J2EE server, let's say for example WebSphere. You can define role-based permissions quite fine-grained at method level. But does this really solve the problems in real-world applications?
Let's say we have to make an e-procurement application. How can I restrict people from buying products which cost over 500€, but at the same time allow managers to buy products over 500€?
// Threshold above which the purchase needs the manager role
private static final double someValue = 500;

if (total > someValue) {
    buyProductBiggerThenSomeValue();   // method restricted to managers
} else {
    buyProduct();                      // method open to every buyer
}
Now, based on these 2 methods, I could define roles; it would work and we would have the problem resolved.
But isn't that a bit too much effort for using container-managed security? Using JAAS security wouldn't be much more code, considering that you have to actually double the code of the method buyProduct().
Please comment on this.
Cheers,
max
 
Greenhorn
Posts: 22
Hi,
You don't have to use the role only at the method level; you can also use the role inside your code. So you need to define the right roles that fit your business requirements and then check inside your business code whether the current user has the right role to perform the specific action (isCallerInRole). I agree that it's tying your application code to the defined roles, but I don't know another way to do it.
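As an added example (not code from either post, and not WebSphere's or any vendor's code), here is how the two approaches discussed in this thread can be combined in one EJB 3 style session bean: the container enforces declaratively who may call the bean at all, and the amount-dependent rule is checked programmatically with isCallerInRole inside a single buyProduct() method, so the method does not have to be duplicated per role. The role names "buyer" and "manager", the approval limit and the small Order class are assumptions for this example; the roles still have to be declared and mapped to users or groups in the deployment descriptor or the server console.

```java
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import java.math.BigDecimal;

/**
 * Purchase service combining container-managed (declarative) and
 * programmatic security. Role names "buyer" and "manager" are assumed
 * for this example; they must be mapped to real users/groups on the server.
 */
@Stateless
@DeclareRoles({"buyer", "manager"})
@RolesAllowed({"buyer", "manager"})   // declarative: who may call this bean at all
public class PurchaseService {

    // Assumed threshold: orders above this amount need the manager role.
    // BigDecimal rather than double, so money comparisons are exact.
    private static final BigDecimal APPROVAL_LIMIT = new BigDecimal("500.00");

    @Resource
    private SessionContext ctx;   // injected by the container; carries the authenticated caller

    /**
     * Single business method for every buyer. The container has already
     * verified the caller holds "buyer" or "manager"; the amount-dependent
     * rule is checked here, so no second copy of the method is needed.
     */
    public Order buyProduct(String productId, BigDecimal total) {
        if (total.compareTo(APPROVAL_LIMIT) > 0 && !ctx.isCallerInRole("manager")) {
            // Fail closed: deny the order rather than silently capping or downgrading it
            throw new EJBAccessException("Orders over " + APPROVAL_LIMIT
                    + " require the manager role (caller: "
                    + ctx.getCallerPrincipal().getName() + ")");
        }
        return placeOrder(productId, total);
    }

    /** Purely declarative: only managers may approve another buyer's order. */
    @RolesAllowed("manager")
    public void approveOrder(Order order) {
        order.markApproved(ctx.getCallerPrincipal().getName());
    }

    private Order placeOrder(String productId, BigDecimal total) {
        // Persistence is omitted; the order records who placed it for later auditing
        return new Order(productId, total, ctx.getCallerPrincipal().getName());
    }

    /** Minimal order record, assumed for this example. */
    public static class Order {
        private final String productId;
        private final BigDecimal total;
        private final String buyer;
        private String approvedBy;

        public Order(String productId, BigDecimal total, String buyer) {
            this.productId = productId;
            this.total = total;
            this.buyer = buyer;
        }

        public void markApproved(String manager) {
            this.approvedBy = manager;
        }

        public String getProductId() { return productId; }
        public BigDecimal getTotal()  { return total; }
        public String getBuyer()      { return buyer; }
        public String getApprovedBy() { return approvedBy; }
    }
}
```

Two points worth noting about this design. First, the role check runs inside the container with the identity the container authenticated, so a client cannot claim "manager" simply by sending a different parameter; the check is server-side and the role mapping lives outside the code. Second, the programmatic branch throws rather than quietly falling back to a cheaper path, so a buyer exceeding the limit gets an access error the application server logs, which is what an audit of over-limit attempts will later need.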
 
reply
    Bookmark Topic Watch Topic
  • New Topic