db-jdo-dev mailing list archives

From "Erik Bengtson" <e...@jpox.org>
Subject jdo security revamped proposal
Date Mon, 05 Nov 2007 20:14:43 GMT
Hi,

After negative feedback, I have a different proposal for securing JDO
resources.
Different from my initial proposal using declarative security (XML), here I
propose using the standard Java security.
The example is self-explanatory:

--- Persistent Class sample:
package com.petstore;

class Pet
{
   String name;
}

--- Security policy sample:

grant principal "bart"
{
    permission javax.jdo.spi.JDODataPermission "/com/petstore/Pet[@name='dog']", "read,write";
};

grant
{
    permission javax.jdo.spi.JDODataPermission "/com/package", "read";
    permission javax.jdo.spi.JDODataPermission "/com/petstore/Pet", "read";
};

--- javax.jdo.spi.JDODataPermission:

javax.jdo.spi.JDODataPermission(String name, String actions);

--- PMF/System property that will enable/disable security checks by the JDO implementation:

javax.jdo.security.manager=false|true

The only particularity of my proposal is the name argument for
JDODataPermission, which uses XPath.

Regards,
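
A sketch of how the implies() check behind such a permission could treat the XPath-style name, added here as an example; it is not code from the message or from any JDO implementation. The class name DataPermissionSketch and the matching rules (whole-segment path prefix, exact predicate match, read and write as the only actions) are assumptions, since the message specifies only the (name, actions) constructor.

```java
import java.security.Permission;
import java.util.Locale;
import java.util.Set;
import java.util.TreeSet;

// Hypothetical class: the proposal defines only the (name, actions) constructor.
public final class DataPermissionSketch extends Permission {
    private final String path;                         // "/com/petstore/Pet"
    private final String predicate;                    // "@name='dog'" or null
    private final Set<String> actions = new TreeSet<>();

    public DataPermissionSketch(String name, String actionList) {
        super(name);
        int open = name.indexOf('[');
        if (open >= 0 && !name.endsWith("]"))
            throw new IllegalArgumentException("unterminated predicate: " + name);
        path = open < 0 ? name : name.substring(0, open);
        predicate = open < 0 ? null : name.substring(open + 1, name.length() - 1);
        for (String a : actionList.split(",")) {
            String action = a.trim().toLowerCase(Locale.ROOT);
            if (!action.equals("read") && !action.equals("write"))
                throw new IllegalArgumentException("unknown action: " + a);
            actions.add(action);
        }
    }

    // Assumed rule: the grant must list every requested action. An unfiltered grant
    // covers its path and descendants; a filtered grant only the identical predicate.
    @Override public boolean implies(Permission p) {
        if (!(p instanceof DataPermissionSketch)) return false;
        DataPermissionSketch req = (DataPermissionSketch) p;
        if (!actions.containsAll(req.actions)) return false;
        boolean samePath = req.path.equals(path);
        if (predicate == null) return samePath || req.path.startsWith(path + "/");
        return samePath && predicate.equals(req.predicate);
    }

    @Override public String getActions() { return String.join(",", actions); }
    @Override public int hashCode() { return toString().hashCode(); }
    @Override public boolean equals(Object o) {   // toString() covers class, name, sorted actions
        return o instanceof DataPermissionSketch && toString().equals(o.toString());
    }

    public static void main(String[] args) {
        Permission dogs = new DataPermissionSketch("/com/petstore/Pet[@name='dog']", "read,write");
        Permission pets = new DataPermissionSketch("/com/petstore/Pet", "read");
        System.out.println("dog write via bart's grant: " + dogs.implies(new DataPermissionSketch("/com/petstore/Pet[@name='dog']", "write")));
        System.out.println("any Pet write via bart's grant: " + dogs.implies(new DataPermissionSketch("/com/petstore/Pet", "write")));
        System.out.println("cat read via default grant: " + pets.implies(new DataPermissionSketch("/com/petstore/Pet[@name='cat']", "read")));
    }
}
```

Under these assumed rules, a grant scoped by a predicate never covers a request for the whole class, and an unparseable name or unknown action is rejected when the permission is constructed rather than silently matching nothing.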








