contextual permissions

since 1.0 release , jguard supports 'contextual' permissions.

it implies that you can refers in any permissions (subclass of java.security.Permission), to some context variables like user credentials and roles.

like RBAC design impose that user and permissions mustn't bound statically,these variables are resolved dynamically.

when the user will try to enforce a permission, jguard will grab all permissions of the user,including contextual permissions, and will resolve variables of these permissions. Thus, jGuard will compare the permission enforced with the resolved ones.

syntax

jguard uses the jakarta commons JEXL project expression library to provide expressiveness on contextual variables. this project has got a syntax page: http://jakarta.apache.org/commons/jexl/reference/syntax.html

examples

  • permission refers to credentials
public credentials are referenced with ${subject.publicCredentials}

private credentials are referenced with ${subject.privateCredentials}

Permission p1 = new URLPermission("index","http://www.website.com/index.html?name=__$\{subject.publicCredentials.name\}__");

Permission p2 = new URLPermission("index","http://www.website.com/index.html?name=__$\{subject.privateCredentials.country\}__");

Permission p3 = new FilePermission("file://home/user/__$\{subject.publicCredentials.company\}__", "read");

  • permission refers to roles
private credentials are referenced with ${subject.roles}
last modified by RaffaelloPelagalli on 16/12/2006 at 01:30
Menu

 
Creator: Charles Gay on 2006/12/16 01:30
jGuard team copyright 2004-2009
1.4.1.14796