This week's book giveaway is in the Java 8 forum.
We're giving away four copies of Java 8 in Action and have Raoul-Gabriel Urma, Mario Fusco, and Alan Mycroft on-line!
See this thread for details.
The moose likes Security and the fly likes Class based Access Control Model Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Class based Access Control Model" Watch "Class based Access Control Model" New topic
Author

Class based Access Control Model

Tay Thotheolh
Ranch Hand

Joined: Aug 07, 2008
Posts: 84
Hi. I am wondering if it is possible to create an internal access control model in a Java application based on classes that attempt to access certain methods or classes ?

My idea is that a Java application with plugin capabilities may have certain methods or classes too sensitive for plugin classes to access. E.g. secure storage or user password authentication classes shouldn't be accessed by plugins at all.

I was wondering if it is possible to use XXXClass.getClass() which returns a "Class" class object to do checking against an access control list for the system ?

Is it practically safe to do so too ?

I am wondering maybe some malicious classes may try to spoof a Class object to gain access or maybe is it possible for some malicious class to take control of a legitimate class to access restricted areas in an application system ?

If using "Class" class objects to determine the ability to access restricted classes or methods are not safe, is there a set of samples that can be created to proof that this method of access control between classes and methods are not safe ?

Thanks.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Class based Access Control Model
 
Similar Threads
More Model-View-Controller advice needed
Design a Plugin based system
NX: File Consistency
Longer Post - ALL IBM ICE EXAM Q's for UML
Passed SCEA Part 2 - My experience