geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Diego L Espineira (JIRA)" <j...@apache.org>
Subject [jira] Created: (GERONIMO-2617) Custom Authorization
Date Sun, 03 Dec 2006 00:16:22 GMT
Custom Authorization
--------------------

                 Key: GERONIMO-2617
                 URL: http://issues.apache.org/jira/browse/GERONIMO-2617
             Project: Geronimo
          Issue Type: New Feature
      Security Level: public (Regular issues)
            Reporter: Diego L Espineira


Apache Geronimo to enable the developer to implement custom and complex security models, such
as role hierarchies and permission inheritance between roles. This can be accomplished by
adding an optional parameter to the security realm options specifying some class to intercept
and handle the authorization to EJBs, WebServices and web content (JSP, html etc) by applying
custom and application specific authorization based on information stored in somewhere else
(like a DBMS).
This enables an application to allow its users to change the EJB methods and content permissions
through the application itself. The authentication and authorization settings is widely wrongly
assigned to deployment time, while it must be assigned much of it to run time.

An example of this is the JBoss SX approach to this subject. An application security realm
is configured to use an "authorization manager", which is a class that implements org.jboss.security.SecurityProxy.
And it handles the requests to all the resources like EJBs.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message