JAAS method level authorisation
Hi
Is it possible to do method level authorisation in java.
I was under the impression you grant permission at the class level. Can you please inform as to
how we can grant permissions at method level.
example :
class A {
method1();
method2();
};
can I grant permissions to A.method1() to execute, without having to create an actions class
with run implemented as required , that is :
class actionMethod1() implements PrivilegedAction {
run(){
A.method1();
}
};
because then I will have to create too many action classes !
Hi, try this:
Within method 1 of Class A, do a permission check at the beginning of the method.
Class A {
1. public void method1() {
2. SecurityManger sm = System.getSecurityManager();
3. if(sm!= null ) {
4.sm.checkPermission( new XXXPermission() );
5. }
6. }
where XXXPermission is the type of permission that your checking for. If the current thread doesn't have this (XXXPermission) permission, then a SecurityException will be thrown and the rest of the method will not be executed. Alternatively, I believe that the above code (line 2-4) can be replaced with :
1. AccessController.checkPermission(new XXXPermission());
I hope this helps. You can also try referring to: http://java.sun.com/j2se/1.4/docs/api/java/security/AccessController.html
>
> Hi
>
> Is it possible to do method level authorisation in
> java.
> I was under the impression you grant permission at the
> class level. Can you please inform as to
> how we can grant permissions at method level.
>
> example :
>
> class A {
> method1();
> method2();
> };
>
> can I grant permissions to A.method1() to execute,
> without having to create an actions class
> with run implemented as required , that is :
>
> class actionMethod1() implements PrivilegedAction {
> run(){
> A.method1();
> }
> };
>
> because then I will have to create too many action
> classes !
