JAAS and functional security?

Java
Max Rydahl Andersen

I've always liked JAAS as it provides for a pluggable login mechanism. The exact same code is used for login to LDAP, NT, Kerberos, passwd files, proprietary system A, B, C etc. That's beautiful ;)

The only thing I'm really missing is to find good usages of the SecurityManager, Subject, Principal and Credentials classes/concepts. I can find loads of articles talking about the pluggable architecture, the ClassLoader protection and encryption support of JAAS - but no real articles about how one would go about doing something like:


   public List<Drug> findDrugs(x, y, z) {
      checkPermission("MayFindDrugs");                 // coarse check: may the caller search at all?
      List<Drug> drugs = performSearch(x, y, z);
      List<Drug> result = new ArrayList<>();
      for (Drug drug : drugs) {
         // fine-grained check: narcotics are only returned to callers allowed to prescribe them
         if (!drug.isNarcotic() || hasPermission("MayPrescribeNarcotics")) {
            result.add(drug);
         }
      }
      return result;
   }


In other words - how would one set up JAAS and all its "cousin" classes, policy file etc. to provide
FUNCTIONAL security?

Also the current file-based policy system seems too restrictive, simple and unmanageable; isn't there
any good example of a good, clean and flexible policy "provider"?
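One way the sketch above and the "policy provider" question fit together, as an added example that is not from the original post: a Subject carries Principals (a JAAS LoginModule would normally add them after authentication), application-level permissions are modelled as BasicPermission subclasses, and a small programmatic policy maps roles to permissions instead of a static policy file. The role names, permission names and the in-memory drug catalogue are constructed for the example. The classic JAAS route for this is a java.security.Policy subclass consulted by the SecurityManager inside Subject.doAs, but the SecurityManager is deprecated for removal since Java 17 and disabled in JDK 24, so the example passes the Subject to the check explicitly.

```java
import java.security.BasicPermission;
import java.security.Permission;
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;

public class FunctionalSecurityExample {

    /** Role carried by an authenticated Subject; a JAAS LoginModule would add it at commit(). */
    static final class RolePrincipal implements Principal {
        private final String name;
        RolePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof RolePrincipal && ((RolePrincipal) o).name.equals(name);
        }
        @Override public int hashCode() { return name.hashCode(); }
        @Override public String toString() { return "Role[" + name + "]"; }
    }

    /** Application-level ("functional") permission such as "MayPrescribeNarcotics". */
    static final class DrugPermission extends BasicPermission {
        DrugPermission(String name) { super(name); }
    }

    /** Minimal programmatic policy provider: which roles grant which permissions.
     *  Swapping the map for a database or LDAP lookup keeps the check code unchanged. */
    static final class RolePolicy {
        private final Map<String, Set<Permission>> grants = new HashMap<>();

        RolePolicy grant(String role, String... permissionNames) {
            Set<Permission> perms = grants.computeIfAbsent(role, r -> new HashSet<>());
            for (String p : permissionNames) perms.add(new DrugPermission(p));
            return this;
        }

        /** True if any Principal of the Subject has been granted a permission implying the wanted one. */
        boolean implies(Subject subject, Permission wanted) {
            for (RolePrincipal role : subject.getPrincipals(RolePrincipal.class)) {
                for (Permission granted : grants.getOrDefault(role.getName(), Set.of())) {
                    if (granted.implies(wanted)) return true;
                }
            }
            return false;
        }

        /** Deny-by-default gate: no matching grant means a SecurityException. */
        void checkPermission(Subject subject, String name) {
            if (!implies(subject, new DrugPermission(name))) {
                throw new SecurityException(name + " denied for " + subject.getPrincipals());
            }
        }
    }

    record Drug(String name, boolean narcotic) {}

    /** The method from the post, with the calling Subject passed in explicitly. */
    static List<Drug> findDrugs(RolePolicy policy, Subject caller, String query) {
        policy.checkPermission(caller, "MayFindDrugs");   // coarse: may the caller search at all?
        boolean mayPrescribeNarcotics =
            policy.implies(caller, new DrugPermission("MayPrescribeNarcotics"));
        List<Drug> result = new ArrayList<>();
        for (Drug drug : performSearch(query)) {
            // fine-grained: narcotics are filtered out unless the caller holds the extra permission
            if (!drug.narcotic() || mayPrescribeNarcotics) {
                result.add(drug);
            }
        }
        return result;
    }

    /** Constructed in-memory catalogue standing in for the real search backend. */
    static List<Drug> performSearch(String query) {
        List<Drug> catalogue = List.of(
            new Drug("aspirin", false), new Drug("morphine", true), new Drug("ibuprofen", false));
        List<Drug> hits = new ArrayList<>();
        for (Drug d : catalogue) if (d.name().contains(query)) hits.add(d);
        return hits;
    }

    static Subject subjectWithRole(String role) {
        Subject s = new Subject();
        s.getPrincipals().add(new RolePrincipal(role));
        return s;
    }

    public static void main(String[] args) {
        RolePolicy policy = new RolePolicy()
            .grant("nurse", "MayFindDrugs")
            .grant("doctor", "MayFindDrugs", "MayPrescribeNarcotics");

        System.out.println("doctor: " + findDrugs(policy, subjectWithRole("doctor"), "i"));
        System.out.println("nurse:  " + findDrugs(policy, subjectWithRole("nurse"), "i"));
        try {
            findDrugs(policy, subjectWithRole("visitor"), "i");
        } catch (SecurityException e) {
            System.out.println("visitor: " + e.getMessage());
        }
    }
}
```

Running it prints all three drugs for the doctor, only the two non-narcotics for the nurse, and a denial for the visitor, who holds no grant for MayFindDrugs at all. The point of the design is that the method body only ever talks to the policy in terms of named permissions; which roles hold them, and where that mapping lives, is the provider's business.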

And is JAAS the right tool for the job? (I hope so, as it seems to have all the needed parts...)

Maybe I'm just not seeing the forest for all the trees - but I just can't seem to find it... maybe I don't have
the right Credentials yet? ;-)