-
1. Re: Reading Permissions from database
vbfischer Nov 20, 2002 3:15 PM (in response to sheckler)Hi Sheckler.
I cannot answer your question 100%, but I think I can give you hope.
I seem to remember reading about creating SecurityInteceptor (s) for your Beans. I don't know if I have the name correct, hopefully someone can intercede here. Anyways, inside the Interceptor(s) you write the code to determine if the current Principal has access to the bean's methods.
I thought I had read this in the JBossBook, but in perusing it just now, I couldn't find it. Only thing I could ifnd was on page 268, where there's a diagram showing... I'll do some more research and post my findings here, as I need to figure this out soon anyways... -
2. Re: Reading Permissions from database
vbfischer Nov 20, 2002 3:36 PM (in response to sheckler)AHA... I found it...
In this Javaworld article...
Here's the abstract:
The current EJB (Enterprise JavaBeans) specification supports basic declarative, role-based access-control mechanisms, but provides limited support for coding application-specific security checks. Moreover, it doesn't define any way to factor out access-control code from business logic, or to integrate external authorization services. The open source, J2EE-compliant (Java 2 Platform, Enterprise Edition) JBoss application server features a protection-proxy security architecture that will help you overcome these restrictions. (4,500 words; February 15, 2002)
http://www.javaworld.com/javaworld/jw-02-2002/jw-0215-ejbsecurity.html