I am trying to use JASS authorization in JBOSS. i.e. grant granular Permissions to Principals within a JASS policy file. I believe the JACC module provides implementation for this however the wiki (http://wiki.jboss.org/wiki/Wiki.jsp?page=JACC) does not sufficiently describe how it is supposed to work.
Can anybody provide a thorough example of how to implement JACC for a web application running on JBoss?
To be a little more clear, the JAAS Policy shown below uses custom Principal and Permission classes from my application. How can I get the JBoss SecurityManager to load this application specific authorization config? Is JACC even the right direction??
grant Principal com.ftid.custadmin.security.ClientAdminPrincipal "view_customer" { com.ftid.custadmin.security.ViewIdPermission "/client/clientView.*"; }; grant Principal com.ftid.custadmin.security.ClientAdminPrincipal "view_update_customer" { permission com.ftid.custadmin.security.ViewIdPermission "/client/clientEdit.*"; };