Re: [service-orientated-architecture] Re: Yee on WS/Web Apps Security Threats

Tue, 13 Jun 2006 06:22:40 -0700 

Gregg Wonderly wrote:
> Through the use of SOA and appropriate security controls, we can limit access 
> to 
> data.  The Java security model allows you to provide a wide range of scoping 
> of 
> access through the use of the Java Security Manager.  You can create methods 
> using security controls such as:
> 
> public List<DataItems> getItemsFor( String table, List<DataKeys> keys ) {
>       for( DataKeys k : keys ) {
>               AccessController.checkPermission(
>                       new DataAccessPermission( table, k ) );
>       }
>       ... method implementation ...
> }

One other followup comment.  The Jini Exporter interfaces allow one to, at 
deployment time, use an Exporter which might wrap the service object in a 
policy 
controlling delegate object.  Thus, the method structure you see above, might 
be 
codified differently using a class definition something like:

public class DataPolicyImplementor implements DataAccess,Remote {
        DataAccess delegate;
        public DataPolicyImplementor( DataAccess srvr ) {
                delegate = srvr;
        }

        public List<DataItems> getItemsFor( String table,
                                        List<DataKeys> keys ) {
                for( DataKeys k : keys ) {
                        AccessController.checkPermission(
                                new DataAccessPermission( table, k ) );
                }
                return delegate.getItemsFor( table, keys );
        }

        ... Other methods in the interface ...
}

The custom Exporter would wrap the passed service object inside of a delegating 
policy implementation like the above, and then actually export the delegate as
the service object.

Thus, Policy would be something that you could implement and instrument to 
cover 
whatever roles you needed in your deployment.

Gregg Wonderly




------------------------ Yahoo! Groups Sponsor --------------------~--> 
Everything you need is one click away.  Make Yahoo! your home page now.
http://us.click.yahoo.com/AHchtC/4FxNAA/yQLSAA/NhFolB/TM
--------------------------------------------------------------------~-> 

 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/service-orientated-architecture/

<*> To unsubscribe from this group, send an email to:
    [EMAIL PROTECTED]

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

Reply via email to