Welcome to the jGuard's wiki » jGuard Documentation » contextual permissions

contextual permissions

Last modified by RaffaelloPelagalli on 2006/12/16 01:30

contextual permissions

since 1.0 release , jguard supports 'contextual' permissions.

it implies that you can refers in any permissions (subclass of java.security.Permission), to some context variables like user credentials and roles.

like RBAC design impose that user and permissions mustn't bound statically,these variables are resolved dynamically.

when the user will try to enforce a permission, jguard will grab all permissions of the user,including contextual permissions, and will resolve variables of these permissions. Thus, jGuard will compare the permission enforced with the resolved ones.


jguard uses the jakarta commons JEXL project expression library to provide expressiveness on contextual variables. this project has got a syntax page: http://jakarta.apache.org/commons/jexl/reference/syntax.html


  • permission refers to credentials
public credentials are referenced with ${subject.publicCredentials}

private credentials are referenced with ${subject.privateCredentials}

Permission p1 = new URLPermission("index","http://www.website.com/index.html?name=__$\{subject.publicCredentials.name\}__");

Permission p2 = new URLPermission("index","http://www.website.com/index.html?name=__$\{subject.privateCredentials.country\}__");

Permission p3 = new FilePermission("file://home/user/__$\{subject.publicCredentials.company\}__", "read");

  • permission refers to roles
private credentials are referenced with ${subject.roles}
Created by diabolo512 on 2006/12/16 01:30

jGuard team copyright 2004-2009