
J2EE™ Security for Servlets, EJBs and Web Services: Applying Theory and Standards to Practice by Pankaj Kumar


Policy-Based Authorization

As we saw, Java programs running under a security manager can perform only those operations for which they have been explicitly granted permission. The association of code, permissions and the specific conditions under which a piece of code has certain permissions is known as the authorization policy. We have already seen some examples of authorization policy representation in the form of policy files. Our aim in this section is to understand the abstract model behind the structure and behavior of these policies.

The Java access control model allows permissions to be associated with:

  1. Location of the code. Code location could be a file or HTTP URL and may represent a specific jar file, all classes in a directory (but ...
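A small model of such a policy, as an added example that is not from the book: each grant pairs a code location with a set of permissions, and a request is allowed only if some grant matches both the caller's location and the requested permission. The class `PolicyModel`, its methods and the `/opt/app` paths are constructed for illustration; the matching uses the real `java.security.CodeSource` and `Permissions` classes, but this is not the JDK's policy implementation, and the `record` needs Java 16 or later.

```java
import java.io.FilePermission;
import java.net.URI;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.List;

// Added illustration: a toy policy table, not the JDK's own policy machinery.
public class PolicyModel {
    // One Grant plays the role of one "grant codeBase ... { permission ...; }" entry.
    record Grant(CodeSource source, Permissions permissions) {}

    private final List<Grant> grants = new ArrayList<>();

    static CodeSource at(String location) throws Exception {
        // No signer certificates: this model keys on code location only.
        return new CodeSource(URI.create(location).toURL(), (Certificate[]) null);
    }

    void grant(String codeBase, Permission... perms) throws Exception {
        Permissions set = new Permissions();
        for (Permission p : perms) set.add(p);
        grants.add(new Grant(at(codeBase), set));
    }

    // Allowed only if some grant's code source implies the caller's location
    // AND that grant's permission set implies the requested permission.
    boolean isAllowed(String callerLocation, Permission requested) throws Exception {
        CodeSource caller = at(callerLocation);
        return grants.stream().anyMatch(g ->
                g.source().implies(caller) && g.permissions().implies(requested));
    }

    public static void main(String[] args) throws Exception {
        PolicyModel policy = new PolicyModel();
        // Constructed sample grants: one specific jar, and jars in one directory.
        policy.grant("file:/opt/app/lib/trusted.jar", new FilePermission("/opt/app/data/-", "read,write"));
        policy.grant("file:/opt/app/plugins/*", new FilePermission("/opt/app/data/public/-", "read"));

        Permission readSecret = new FilePermission("/opt/app/data/secret/keys.txt", "read");
        Permission readPublic = new FilePermission("/opt/app/data/public/a.txt", "read");
        Permission writePublic = new FilePermission("/opt/app/data/public/a.txt", "write");

        System.out.println("trusted.jar reads secret:  " + policy.isAllowed("file:/opt/app/lib/trusted.jar", readSecret));
        System.out.println("plugin reads public:       " + policy.isAllowed("file:/opt/app/plugins/report.jar", readPublic));
        System.out.println("plugin writes public:      " + policy.isAllowed("file:/opt/app/plugins/report.jar", writePublic));
        System.out.println("plugin reads secret:       " + policy.isAllowed("file:/opt/app/plugins/report.jar", readSecret));
        System.out.println("ungranted jar reads public: " + policy.isAllowed("file:/tmp/unknown.jar", readPublic));
    }
}
```

Code from a location that no grant covers gets nothing, which is the default-deny behavior the section describes for programs running under a security manager.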
