2 Replies Latest reply on Apr 18, 2003 7:54 AM by petertje

Custom Authorization

famousactress Apr 17, 2003 6:41 PM

I think I have a pretty typical security problem, but was unable to find the answer in the forums by searchiing.

I want to use the standard J2EE security stuff. It works for most of what I want to do. However, there are times when controlling authorization to resources based on methods or beans isn't enough. I need to authorize principals based on data.

For instance.. User's with one role might only be able to access data they are related to specifically, and user's with another role may have access to a superset of that.

Am I making sense? I can give more concrete examples if need be.

Can someone point me in the right direction here? I guess I'm hoping there's some sort of pluggable AuthorizationHandler interface I can implement these special checks for, and associate with my beans via the same security plumbing.

thanks in advance.
-phill

1. Re: Custom Authorization

juhalindfors Apr 18, 2003 3:15 AM (in response to famousactress)

SecurityProxy interface
Actions
2. Re: Custom Authorization

petertje Apr 18, 2003 7:54 AM (in response to famousactress)

HttpServletRequest.isUserInRole
EJBContext.isCallerInRole

hth
Peter
Actions

Go to original post