3 Replies Latest reply on Dec 16, 2004 1:56 PM by Scott Stark

    Using PolicyConfiguration in an application

    Yevgen Bushuyev Newbie

      There is a need to implement database-driven security layer with minimal possible coding. The administrator should have ability to manage roles, users, privileges and so on via web services interface. Investigating this problem i came to the solution of using PolicyConfiguration to set all necessary permissions in PolicyContext which makes all work done. It looks like

      PolicyConfigurationFactory pcFactory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
       PolicyConfiguration pc = pcFactory.getPolicyConfiguration("my.jar", true); //TODO
       pc.addToRole("admin", new EJBMethodPermission("MyFacade", "MyEndpoint", MyFacade.class.getMethod("testAuth", new Class[] {})));

      In the real app operation name ("testAuth") and role name ("admin") will be read from the DB.

      The only doubt i have is how legal is using PolicyConfiguration in the application since javadoc states that "The methods of this interface are used by containers"?

      thanx, eugen.