Migrating a Policy implementation for use on the web

Hello; I have an implementation of a java.security.Policy object that I've been using in a standalone application for a while.

I would now like to notionally move this to the web. So I need a way of making this Policy implementation work on a webapp-by-webapp basis.

Assume for the moment that I have solved the problem of creating an authenticated java.security.Subject (I'm actually not sure how I'm going to do that either, but that's a separate issue).

What I want to have happen is:

1. In the course of rendering a page, a Servlet wants to check to see if the current user (the current Subject) has the ability to, say, see some salary information.

2. The Servlet calls some method somewhere like AccessController.checkPermission(new SalaryPermission(...)). From what I understand, web containers are not required to handle this call on a webapp-by-webapp basis; if you ask the AccessController something, it will answer that question in terms of the whole container, not just your webapp.

3. In this beautiful perfect world the AccessController knows that my Policy, and not someone else's, is the one to check. Somehow it causes my Policy object to be invoked in the usual way.

Is anything even remotely resembling this possible?

Thanks,

Laird

[1337 byte] By [ljnelsona] at [2007-10-1 13:16:08]
# 1

Hi Laird,

You should look towards the jGuard project (http://jguard.sourceforge.net), which fulfills your needs:

it easily integrates JAAS in the J2EE environment.

Furthermore, with jGuard, you can dynamically change authorizations and authentications on the fly, it provides a convenient taglib to protect JSP fragments, and so on.

Sincerely yours,

Charles (jGuard team)

diabolo512a at 2007-7-10 16:05:39
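
One way to get the dispatch the question asks for in steps 2 and 3, added here as an illustration and not taken from either post or from jGuard: a single JVM-wide Policy that consults a webapp's own Policy only when both the Permission class and the code being checked come from that webapp's class loader. `PerWebappPolicy`, `register` and the stand-in `SalaryPermission` are hypothetical names, and one class loader per webapp is an assumption about the container; `java.security.Policy` is deprecated for removal in current JDKs (JEP 411).

```java
import java.security.*;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical names throughout; only the java.security types are real API.
public final class PerWebappPolicy extends Policy {
    /** Stand-in for the post's SalaryPermission. */
    static final class SalaryPermission extends BasicPermission {
        SalaryPermission(String name) { super(name); }
    }

    private final Policy containerPolicy;  // the policy the container already had
    private final Map<ClassLoader, Policy> byWebapp = new ConcurrentHashMap<>();

    PerWebappPolicy(Policy containerPolicy) { this.containerPolicy = containerPolicy; }

    void register(ClassLoader webappLoader, Policy p) { byWebapp.put(webappLoader, p); }

    @Override
    public boolean implies(ProtectionDomain domain, Permission perm) {
        ClassLoader owner = perm.getClass().getClassLoader();  // null for JDK permissions
        Policy webapp = (owner == null) ? null : byWebapp.get(owner);
        // A webapp's Policy is consulted only for Permission classes that webapp
        // defines, and only for code loaded by that webapp. It can therefore not
        // grant itself FilePermission or answer for another webapp's code.
        if (webapp != null && domain.getClassLoader() == owner) {
            return webapp.implies(domain, perm);
        }
        return containerPolicy.implies(domain, perm);
    }

    public static void main(String[] args) {
        // Constructed sample policies and domains for the demonstration.
        Policy denyAll = new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) { return false; }
        };
        Policy salaryOnly = new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) {
                return p instanceof SalaryPermission && "view".equals(p.getName());
            }
        };
        ClassLoader appA = PerWebappPolicy.class.getClassLoader();  // plays "my webapp"
        ClassLoader appB = new ClassLoader(appA) { };               // plays another webapp
        PerWebappPolicy policy = new PerWebappPolicy(denyAll);
        policy.register(appA, salaryOnly);
        ProtectionDomain inA = new ProtectionDomain(null, null, appA, null);
        ProtectionDomain inB = new ProtectionDomain(null, null, appB, null);
        System.out.println(policy.implies(inA, new SalaryPermission("view")));    // own code, own permission
        System.out.println(policy.implies(inB, new SalaryPermission("view")));    // other webapp's code
        System.out.println(policy.implies(inA, new RuntimePermission("exitVM"))); // JDK permission
    }
}
```

The demonstration calls `implies` directly on constructed domains; in a container the same object would have to be installed as the JVM's Policy, which requires the container's cooperation.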