Forum Stats

  • 3,855,522 Users
  • 2,264,515 Discussions


How does the SecurityManager authorize with JAAS?

843811 Member Posts: 49,851 Green Ribbon

I'm using java 1.3 and JAAS, trying to write my own Permission for authorization. How does the SecurityManager know to authorize a method for a Subject? Does the method that I want protected have to explicitly call checkPermission()?

The examples given are always for FilePermission. They show a program calling Subject.doAs() to perform an action as a particular Subject, and they imply that checkPermission() is called by the methods doing the file access.



  • 843811
    843811 Member Posts: 49,851 Green Ribbon
    I think you
    a) create a specific permission class (such as a "canDoThisPermission(String targetMethod)" class)
    b) in your method check that the permission is granted by calling
    checkPermission(new CanDoThisPermission(<methname>))

    be sure your new permission class is being loaded from a trusted location (...lib/ext/... for eg.)

  • 843811
    843811 Member Posts: 49,851 Green Ribbon
    Maybe check out following page with code samples.

    If you can't find the answer, you can post the question there.

This discussion has been closed.