
beginner question on JAAS: comprehension of some mechanics behind authorization

 
Ryan Weller
Greenhorn
Posts: 3
Hi, this is my first post, which is also a crosspost here at stackoverflow (I haven't got any answer until now).

I'm trying to understand how JAAS works internally to authorize a user represented as a set of principals to access a given resource.

I know that the checkPermission()-method of the AccessController is used for every method on the thread stack to verify that an access to a resource in a given code section is permitted. I'm interested in when and how JAAS derives the required permissions for the code that's protected in the run()-method of the PrivilegedAction-Interface implementing class.

For better understanding let's assume for example that I have defined the grants in my policy file and want to use some code in the run()-method with restricted access to a) some system properties and b) a local directory.

Regards,
Ryan
 
Ryan Weller
Greenhorn
Posts: 3
No answer yet, seems like JAAS has gone out of use. I want to understand JAAS, but can't realize how it works. If it's the description of my problem that's too vague, maybe I should elaborate a bit more? It can't be too difficult, probably I have mistaken something completely and a simple hint will resolve this.

Hope someone can help...
 
Jaikiran Pai
Marshal
Posts: 10447
Ryan Weller wrote:

I'm trying to understand how JAAS works internally to authorize a user represented as a set of principals to access a given resource.

I know that the checkPermission()-method of the AccessController is used for every method on the thread stack to verify that an access to a resource in a given code section is permitted. I'm interested in when and how JAAS derives the required permissions for the code that's protected in the run()-method of the PrivilegedAction-Interface implementing class.

That's not JAAS actually. That's plain Java security. There's an extensive explanation of it here. Take a look at the links in the "Authentication and Access Control" row of the table there.
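
The stack-wide check asked about above, and the plain `java.security` machinery the answer points to, modelled as an added example that is not part of the original thread: it builds the access-control contexts by hand instead of walking a real call stack. The class, method and path names are hypothetical, and it assumes a JDK that still implements these checks (the API is deprecated for removal since Java 17).

```java
import java.io.FilePermission;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.util.PropertyPermission;

// Added illustration; all class, method and path names are hypothetical.
public class StackCheckDemo {

    // A domain with a fixed permission set, standing in for the grants a
    // policy file would give to the code of one method on the call stack.
    static ProtectionDomain domain(Permission... granted) {
        Permissions perms = new Permissions();
        for (Permission p : granted) perms.add(p);
        return new ProtectionDomain(null, perms); // static permissions, Policy not consulted
    }

    // The check succeeds only if every domain in the context implies p.
    static boolean allowed(AccessControlContext ctx, Permission p) {
        try {
            ctx.checkPermission(p);
            return true;
        } catch (AccessControlException denied) {
            return false;
        }
    }

    public static void main(String[] args) {
        Permission readProp = new PropertyPermission("user.home", "read");
        Permission readDir = new FilePermission("/tmp/demo/-", "read"); // constructed path

        ProtectionDomain library = domain(readProp, readDir); // code containing run()
        ProtectionDomain caller = domain(readProp);           // less trusted calling code

        // Ordinary call: both frames are on the stack, so both domains are checked.
        AccessControlContext fullStack =
                new AccessControlContext(new ProtectionDomain[] {library, caller});
        // Inside doPrivileged: the walk stops at the library frame.
        AccessControlContext privileged =
                new AccessControlContext(new ProtectionDomain[] {library});

        System.out.println("property, full stack: " + allowed(fullStack, readProp));
        System.out.println("directory, full stack: " + allowed(fullStack, readDir));
        System.out.println("directory, doPrivileged: " + allowed(privileged, readDir));
    }
}
```

JAAS enters the picture only when `Subject.doAs` attaches the subject's principals to this context, so that policy grants written for a principal can match.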
 
Ryan Weller
Greenhorn
Posts: 3
Jaikiran Pai wrote:
That's not JAAS actually. That's plain Java security.

Really? I thought the PrivilegedAction-Interface was actually introduced as a part of JAAS (which of course is built on top of plain Java security). I'm saying this, because my question is concerned with the access of various protected resources inside the run()-method. But probably you're right and my problem is more related to the underlying fundamentals.

Jaikiran Pai wrote:
There's an extensive explanation of it here. Take a look at the links in the "Authentication and Access Control" row of the table there.

Many thanks, I'll have a look at that.
 