0 Replies Latest reply on Dec 14, 2007 11:28 AM by jgilmore

    JACC and Authorization for a Web Application

    jgilmore

      I am trying to use JAAS authorization in JBoss, i.e. grant granular Permissions to Principals within a JAAS policy file. I believe the JACC module provides an implementation for this; however, the wiki (http://wiki.jboss.org/wiki/Wiki.jsp?page=JACC) does not sufficiently describe how it is supposed to work.

      Can anybody provide a thorough example of how to implement JACC for a web application running on JBoss?

      To be a little more clear, the JAAS Policy shown below uses custom Principal and Permission classes from my application. How can I get the JBoss SecurityManager to load this application-specific authorization config? Is JACC even the right direction?

      grant Principal com.ftid.custadmin.security.ClientAdminPrincipal "view_customer" {
       permission com.ftid.custadmin.security.ViewIdPermission "/client/clientView.*";
      };
      grant Principal com.ftid.custadmin.security.ClientAdminPrincipal "view_update_customer" {
       permission com.ftid.custadmin.security.ViewIdPermission "/client/clientEdit.*";
      };