
Author Security for beans in web application
ittay.dror@gmail.com

2006-01-18, 7:06 pm

Hi,

I have POJOs acting as API to the application. How can I implement
authorization? I tried
Subject s = Subject.getSubject(AccessController.getContext());
Set<Principal> ps = s.getPrincipals();
// now I can authorize based on name or whatever

but I get a subject only if the method was called with doAs. But it
seems to me that if this will be my requirement, then just anybody will
call the methods with doAs, passing whatever principal they want.

In short, I'm a newbie in this. I tried to read some material, but I
confess this is very confusing to me.

So how do I get the username to authorize in a secure way?

Thank you,
Ittay

IchBin

2006-01-18, 7:06 pm

ittay.dror@gmail.com wrote:
> Hi,
>
> I have POJOs acting as API to the application. How can I implement
> authorization? I tried
> Subject s = Subject.getSubject(AccessController.getContext());
> Set<Principal> ps = s.getPrincipals();
> // now I can authorize based on name or whatever
>
> but I get a subject only if the method was called with doAs. But it
> seems to me that if this will be my requirement, then just anybody will
> call the methods with doAs, passing whatever principal they want.
>
> In short, I'm a newbie in this. I tried to read some material, but I
> confess this is very confusing to me.
>
> So how do I get the username to authorize in a secure way?
>
> Thank you,
> Ittay
>

Take a look at
http://wiki.apache.org/directory/AuthXHome
--

Thanks in Advance...
IchBin, Pocono Lake, Pa, USA
http://weconsultants.servebeer.com/JHackerAppManager
__________________________________________________________________________

'If there is one, Knowledge is the "Fountain of Youth"'
-William E. Taylor, Regular Guy (1952-)
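
The check asked about in this thread, as an added example that is not part of either post: a bean method that fails closed when no Subject is bound and matches on principal class as well as name. It assumes Java 8 through 17, where Subject.getSubject still works as in the question; BeanAuthzDemo, RolePrincipal and the role name are hypothetical. When a SecurityManager is installed, Subject.doAs requires AuthPermission "doAs" and changing a Subject's principals requires AuthPermission "modifyPrincipals", so the policy file decides which code may bind an identity.

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Set;
import javax.security.auth.Subject;

// Added example; class and role names are hypothetical.
public class BeanAuthzDemo {
    // Principal type that only the application's own LoginModule is meant to create.
    static final class RolePrincipal implements Principal {
        private final String name;
        RolePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof RolePrincipal && ((RolePrincipal) o).name.equals(name);
        }
        @Override public int hashCode() { return name.hashCode(); }
    }

    // The POJO API method: denies when no Subject is bound or the role is absent.
    static String readReport() {
        Subject s = Subject.getSubject(AccessController.getContext());
        if (s == null) {
            throw new SecurityException("no authenticated subject");
        }
        // Match on principal class and name, not on getName() alone.
        Set<RolePrincipal> roles = s.getPrincipals(RolePrincipal.class);
        if (!roles.contains(new RolePrincipal("report-reader"))) {
            throw new SecurityException("missing role report-reader");
        }
        return "report contents";
    }

    public static void main(String[] args) {
        try {
            readReport(); // no doAs on the call stack
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
        // Constructed stand-in for the Subject a LoginContext holds after login().
        // Under a SecurityManager these calls need AuthPermission "modifyPrincipals",
        // "setReadOnly" and "doAs"; grant them only to the login layer.
        Subject s = new Subject();
        s.getPrincipals().add(new RolePrincipal("report-reader"));
        s.setReadOnly();
        String out = Subject.doAs(s, (PrivilegedAction<String>) BeanAuthzDemo::readReport);
        System.out.println("allowed: " + out);
    }
}
```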

Copyright 2008 codecomments.com