March 1, 2008, 9:28 p.m.
posted by superj
Summary

The Java 2 access-control model is centered on the concept of CodeSource. Permissions are granted based on the URL location from which the code comes and on the entities that certify the origin of the code through their digital signatures. In a multitier architecture, however, this is often insufficient. Access-control decisions in a J2EE environment must also take into account the user who runs the code. In Chapter 9 we see how JAAS extends and complements the access-control model presented in this chapter so that user information can have a role in access-control decisions.
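The contrast described above, written in Java policy-file syntax as an added example that is not taken from the book or the original post. The keystore path, signer alias, codeBase URL, file paths and the principal name are all constructed for illustration.

```java
// Constructed policy file (Java policy-file syntax, not Java source).
// Keystore used to resolve the signedBy alias below (constructed path).
keystore "file:/etc/payroll/trusted-signers.jks", "JKS";

// 1. Pure CodeSource grant: the decision depends only on where the code
//    was loaded from (codeBase) and who signed it (signedBy).
//    Every caller that executes this code gets read access to all
//    reports, whoever the end user is.
grant codeBase "https://apps.example.com/payroll/-",
      signedBy "payroll-signer" {
    permission java.io.FilePermission "/srv/payroll/reports/-", "read";
};

// 2. CodeSource plus user: the principal clause is the JAAS extension.
//    The same signed code receives this permission only while it runs
//    on behalf of a Subject that carries the named principal
//    (for example inside Subject.doAs after a successful login).
grant codeBase "https://apps.example.com/payroll/-",
      signedBy "payroll-signer",
      principal javax.security.auth.x500.X500Principal "cn=Alice" {
    permission java.io.FilePermission "/srv/payroll/reports/alice/-", "read";
};
```

With only the first entry in place, a servlet tier cannot distinguish one authenticated user from another; replacing it with entries shaped like the second narrows file access to the user the code is acting for.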