Showing posts from March 19, 2015

Java EE authorization - JACC revisited part III

This is the third and final part of a series where we revisit JACC after taking an initial look at it last year. In the first part we mainly looked at various role mapping strategies, while the main topics of the second part were obtaining the container-specific role mapper and the container-specific way a JACC provider is deployed. In this third and final part we'll bring it all together and present a fully working JACC provider for a single application module (e.g. a single war).

Architecture

As explained before, implementing a JACC provider requires implementing three classes:

- PolicyConfigurationFactory
- PolicyConfiguration
- Policy

Zooming into these, the following is what more accurately needs to be implemented:

- A factory that provides an object that collects permissions
- A state machine that controls the life-cycle of this permission collector
- Linking permissions of multiple modules and utilities
- Collecting and managing permissions
- Processing p…