
Showing posts from December 28, 2014

Java EE authorization - JACC revisited part I

A while ago we took a look at container authorization in Java EE, which we saw was taken care of by a specification called JACC. We saw that JACC offered a clear, standardized hook into what's often seen as a completely opaque and container-specific process, but that it also had a number of disadvantages. Furthermore, we provided a partial (non-working) implementation of a JACC provider to illustrate the idea.

In this part of the article we'll revisit JACC by taking a closer look at some of the mentioned disadvantages and dive a little deeper into the concept of role mapping. In part II we'll be looking at the first element of a more complete implementation of the JACC provider that was shown before.

To refresh our memory, the following were the disadvantages that we previously discovered:

- Arcane & verbose API
- No portable way to see what the groups/roles are in a collection of Principals
- No portable way to use the container's role-to-group mapper
- No de