JAAS and rdbms driven policy

 
Chaitanya Wankhede
Greenhorn
Posts: 3
Hello
I am using JAAS in my web application. I have managed the authentication part well. For authorisation, I have used the policy files on the file system. However, the requirement is that the policy be database driven. The policies decide which usergroup has what permission. Are there any examples to implement the same?
Thanks
Chaitanya
 
Dave Teare
Ranch Hand
Posts: 80
Hi Chaitanya,
I take it you decided the form-based login approach is insufficient for your needs. I came to the same conclusion and used JAAS for authentication too. Once you perform your own authentication, you disable the web container's ability to perform declarative access control, and must do everything yourself (unless you programmatically create the same login token used by said container and stuff it into a cookie/URL rewrite).
I know in WebSphere that once you try to introduce an RDBMS-based permission scheme, you are on your own. I assume other containers are similar.
Given this, my plan is to have a base action class (I'm using struts, use a front-controller or filter otherwise) that will enforce that each request contains an authenticated user (if the resource is protected), and verify their role is allowed to access it (via DB lookup, etc). The problem I have is how to define which resources are protected. Perhaps I will use an XML file with a format similar to web.xml; or perhaps each action should be stored in the DB and a join between the user/role/action tables would determine access.
What do you think? Let's brainstorm together...
--Dave.
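
Added example, not part of the thread and not code from any poster: one way to do the user/role/action join described in the post above, as a check that a filter or front controller could call. The table and column names and the `DbAccessChecker` class are hypothetical, and a configured JDBC `DataSource` is assumed.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.sql.DataSource;

/**
 * Database-backed access check. Assumed (hypothetical) schema:
 *   user_role(user_name, role_name)
 *   role_action(role_name, action_path)
 *   protected_action(action_path)   -- every path that needs authorization
 */
public final class DbAccessChecker {
    private static final String IS_PROTECTED =
        "SELECT 1 FROM protected_action WHERE action_path = ?";
    private static final String IS_ALLOWED =
        "SELECT 1 FROM user_role ur "
      + "JOIN role_action ra ON ra.role_name = ur.role_name "
      + "WHERE ur.user_name = ? AND ra.action_path = ?";

    private final DataSource dataSource;

    public DbAccessChecker(DataSource dataSource) {
        this.dataSource = dataSource;
    }

    /** @param user authenticated user name, or null if the caller is anonymous */
    public boolean isAllowed(String user, String actionPath) {
        try (Connection c = dataSource.getConnection()) {
            if (!exists(c, IS_PROTECTED, actionPath)) {
                return true;   // not listed as protected ("if the resource is protected")
            }
            // Protected resource: anonymous callers are rejected outright.
            return user != null && exists(c, IS_ALLOWED, user, actionPath);
        } catch (SQLException e) {
            return false;      // fail closed when the lookup itself fails
        }
    }

    // Parameters are bound, never concatenated into the SQL text.
    private static boolean exists(Connection c, String sql, String... args)
            throws SQLException {
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            for (int i = 0; i < args.length; i++) {
                ps.setString(i + 1, args[i]);
            }
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }
}
```

Pass the path the container actually dispatches on (for example `HttpServletRequest.getServletPath()`), so the string checked against `protected_action` is the same one used for routing.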
 
Dave Teare
Ranch Hand
Posts: 80
Sorry - I said base action class when I meant to say base action servlet. This servlet is registered in web.xml and delegates to the standard struts impl once access control is enforced.
 
Charles GAY
Greenhorn
Posts: 18
Hi, I think you should look towards jGuard to fulfill your needs:
http://sourceforge.net/projects/jguard

Sincerely yours,

Charles (jGuard team).
 