1 Reply Latest reply on Dec 15, 2004 5:56 AM by tcherel

    how to authorize a role to invoke a special method in a clas

    schfrog

      Requirements: there is a user; in some scenarios he can invoke a method in a class, but in other scenarios he cannot.

      How can I define the policy for every method in a class (not an EJB)?

      I want to implement this with JAAS (use Subject....) in JBoss.

        • 1. Re: how to authorize a role to invoke a special method in a
          tcherel


          JBoss does not use the Authorization part of JAAS (the one that will allow you to do access control on Java classes).
          But it does use JAAS for Authentication, meaning that a Subject is created.
          You will have to create a Security interceptor in order to do the Subject.doAs to invoke the requested operation. This will make sure that the Subject is correctly associated with the access control context.
          I believe that you will also have to make sure that JBoss is running under some kind of Security Manager (adding the -Djava.security.manager in the JBoss startup script). There is a section about that in the JBoss 322 doc.

          Thomas
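
The approach described in the reply above, as an added example (not code from the thread or from JBoss): a plain class checks a per-method permission, and an interceptor-style helper runs the call under `Subject.doAsPrivileged` so the Subject's principals reach the access control context. `RolePrincipal`, `MethodPermission`, `Account` and the role names are hypothetical, an in-code `Policy` stands in for the policy file a security manager would load, and a JDK that still supports these APIs is assumed (they were deprecated for removal in Java 17).

```java
import java.security.*;
import java.util.Collections;
import javax.security.auth.Subject;
public class MethodAuthDemo {
    // Hypothetical role principal; in JBoss the login module would populate the Subject.
    static final class RolePrincipal implements Principal {
        private final String name;
        RolePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }
    // Hypothetical permission type: one permission name per guarded method.
    static final class MethodPermission extends BasicPermission {
        MethodPermission(String name) { super(name); }
    }
    // Plain class (not an EJB): the method checks the current access control context.
    static class Account {
        String transfer() {
            AccessController.checkPermission(new MethodPermission("Account.transfer"));
            return "transferred";
        }
    }
    // What the security interceptor does: invoke the target with the Subject attached.
    static String invokeAs(Subject subject, Account target) {
        return Subject.doAsPrivileged(subject, (PrivilegedAction<String>) target::transfer, null);
    }
    static Subject withRole(String role) {
        return new Subject(true, Collections.singleton(new RolePrincipal(role)),
                Collections.emptySet(), Collections.emptySet());
    }
    public static void main(String[] args) {
        // Stand-in for the policy file: only role "teller" may call Account.transfer.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain pd, Permission p) {
                if (!(p instanceof MethodPermission)) return true; // demo only: other checks pass
                for (Principal pr : pd.getPrincipals())
                    if (pr instanceof RolePrincipal && pr.getName().equals("teller")
                            && p.getName().equals("Account.transfer")) return true;
                return false; // no matching role on this protection domain
            }
        });
        Account account = new Account();
        System.out.println(invokeAs(withRole("teller"), account));
        try {
            invokeAs(withRole("guest"), account);
        } catch (AccessControlException e) {
            System.out.println("guest denied: " + e.getPermission().getName());
        }
    }
}
```

Because the check sits inside the method, the same user is allowed or refused depending on which principals the Subject carries in that scenario.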