| Author |
Security in java
|
hennie louw
Ranch Hand
Joined: Jul 03, 2001
Posts: 56
|
|
Hi all,
I am currently busy with a small open-source project called Loadmax. My problem is that I wish to have some of the loaded modules, e.g. admin modules, be able to call core system methods, but any other 3rd-party module should not be able to do this. Can anyone point me in the right direction on how I can do this? Thanks
|
Any Body can be paid to write good code, but brilliant code can only come from passion
|
 |
Vijayakumar Arya
Ranch Hand
Joined: Jan 27, 2003
Posts: 76
|
|
Hi,
Have a look at the Java Authentication and Authorization framework that comes bundled with JDK 1.4. If you have the JDK documentation installed, then you can locate the tutorial at
<DOCS_HOME>\docs\guide\security\jaas\JAASRefGuide.html
Was this useful?
|
Thanks,
Vijay
The Hand that gives, Gathers.
|
 |
Gopi Balaji
Ranch Hand
Joined: Jan 23, 2003
Posts: 84
|
|
hennie,

If the admin module is in the same jar file as the core, then you can consider sealing the jar, to prevent unauthorized users from extending your classes. This is advisable in either of the two options listed below.

Option One (Drastic code changes necessary):
1. All admin module classes can implement a package-scoped marker interface (say, CoreCallable).
2. Each non-private method in all core classes checks if the caller is a registered member. (This requires all such methods' signatures to be modified to accept an additional parameter of the caller.) Like -
   (Before Change) public void adminMethod(int someParameter);
   (After Change) public void adminMethod(CoreCallable cObj, int someParameter);

Option Two (Cutting edge technology):
Use AspectJ, a Java implementation of Aspect Oriented Programming.
1. Declare a static introduction which makes all admin classes implement the CoreCallable interface.
2. Define a pointcut on the join points of all non-private methods of the core classes, and expose the caller.
3. Define a before advice on the above defined pointcut. If the caller does not implement the CoreCallable interface, throw an Exception and disallow the operation.

If AspectJ and AOP are new, I strongly suggest reading about those topics, and using them.

-GB.
[ February 05, 2003: Message edited by: Gopi Balaji ]
|
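Option One from the post above, written out as an added example (not code from the thread or from Loadmax). The package name loadmax.core, the classes Core, AdminModule and CoreCallableDemo, and the register method are assumptions made for illustration; CoreCallable and adminMethod come from the post. The check also rejects null and unregistered instances, since the marker type alone does not prove registration.

```java
package loadmax.core; // hypothetical package; ship it in a sealed jar (manifest "Sealed: true")

import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.Set;

public class CoreCallableDemo {
    public static void main(String[] args) {
        Core core = new Core();
        AdminModule admin = new AdminModule();
        Core.register(admin);                 // done by the core's own loader, never by a module

        core.adminMethod(admin, 1);           // registered caller: allowed
        tryCall(core, new AdminModule(), 2);  // right type, never registered: rejected
        tryCall(core, null, 3);               // null caller: rejected
    }

    static void tryCall(Core core, CoreCallable caller, int someParameter) {
        try {
            core.adminMethod(caller, someParameter);
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}

// Package-scoped marker: classes outside loadmax.core cannot implement it.
interface CoreCallable { }

final class AdminModule implements CoreCallable { }

// Would be public in a real layout; one file allows only one public top-level class.
final class Core {
    // Identity-based set, so overriding equals()/hashCode() cannot fake membership.
    private static final Set<CoreCallable> REGISTERED = Collections.synchronizedSet(
            Collections.newSetFromMap(new IdentityHashMap<CoreCallable, Boolean>()));

    static void register(CoreCallable module) {  // package-private on purpose
        REGISTERED.add(module);
    }

    public void adminMethod(CoreCallable caller, int someParameter) {
        if (caller == null || !REGISTERED.contains(caller)) {
            throw new SecurityException("caller is not a registered core module");
        }
        System.out.println("adminMethod(" + someParameter + ") executed");
    }
}
```

The caller argument is supplied by the calling code itself, so the check holds only as long as registered instances are never handed to third-party modules.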