Richard Reavis wrote: I'm under the impression (correct me if I'm wrong) that you need to create a class for each permission?
That's not what I meant. There wouldn't be any extra classes; the permissions a user has would be represented by data that's stored in the user repository, something like "boolean isAdmin", "boolean readOnlyAccess" etc. and then your code would check these before a particular operation is carried out. I find it beneficial to have these checks close to the code that they govern, instead of having JAAS perform those checks and throwing permissions if there are violations.
How do you use callbacks to exchange login credentials? Especially with RMI (which I have not had a chance to use yet), how do you exchange this data? Also, within what method should you load in user data (usernames, passwords, etc.)?
I don't know how RMI might interact with JAAS,
service propagation may be needed. My impression is that JAAS is used even less for apps with remote
Java clients than for server-based apps, partly because of these problems.
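The approach described in the reply above (permission flags stored with the user record and checked next to the operation they govern), as an added example that is not part of the original thread. The class, the in-memory repository and the user names are hypothetical, and the caller is assumed to have been authenticated already.

```java
import java.util.HashMap;
import java.util.Map;

public class InlinePermissionChecks {
    // Permission data as it might be stored per user in the user repository.
    record User(String name, boolean isAdmin, boolean readOnlyAccess) {}

    // Hypothetical in-memory stand-in for the user repository (constructed sample data).
    static final Map<String, User> USERS = Map.of(
        "alice", new User("alice", true, false),
        "bob", new User("bob", false, true),
        "carol", new User("carol", false, false));

    static final Map<String, String> RECORDS = new HashMap<>();

    // Deny by default: a caller with no repository entry gets no access at all.
    static User require(String caller) {
        User u = USERS.get(caller);
        if (u == null) throw new SecurityException("unknown user: " + caller);
        return u;
    }

    static String read(String caller, String key) {
        require(caller); // any known user may read
        return RECORDS.get(key);
    }

    static void write(String caller, String key, String value) {
        User u = require(caller);
        // The check sits directly in front of the state change it governs.
        if (u.readOnlyAccess()) throw new SecurityException(caller + " has read-only access");
        RECORDS.put(key, value);
    }

    static void delete(String caller, String key) {
        User u = require(caller);
        if (!u.isAdmin()) throw new SecurityException(caller + " is not an admin");
        RECORDS.remove(key);
    }

    public static void main(String[] args) {
        write("alice", "k", "v1");
        System.out.println(read("bob", "k")); // read-only user can still read
        try { write("bob", "k", "v2"); } catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
        try { delete("carol", "k"); } catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
        delete("alice", "k");
    }
}
```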