On Wednesday 14 April 2004 11:17, Justin Permar wrote: > 3) Is there an example of a component declaring required > permissions using PermissionDescriptor > (http://avalon.apache.org/meta/meta/info/type/security/permission.html)? > In general, I'm clueless as to what that page is saying. An > example of role-based access to a component would be greatly > appreciated.
The Component Security is not yet finalized. We are having some 'conceptual brain-damage' on what I am actually looking for, so please leave that out until further notice. The standard -Djava.security.policy= & -Djava.security.manager= should be used in the meantime. The intent was that components were granted permissions according to where they were mounted in the overall model, so that the same codebase could have different permissions. For instance, a 'system-level' component could be granted AllPermissions, even though it was called from untrusted components, or a component sitting in User space was considered untrusted due to 'configuration', whereas the same component sitting elsewhere were considered trusted. In any event, the Meta permission directives were for the component to declare the Permission requirement, so that tools and more importantly humans could know what permissions the component require without studying the source code (since noone documents it either :o) ) Cheers. -- +---------//-------------------+ | http://www.bali.ac | | http://niclas.hedhman.org | +------//----------------------+ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
