Re: Object level security

Li Gong (gong@games.eng.sun.com)
Wed, 22 Jul 1998 18:55:42 -0700

Date: Wed, 22 Jul 1998 18:55:42 -0700
Message-Id: <199807230155.SAA07421@games.eng.sun.com>
From: Li Gong <gong@games.eng.sun.com>
To: "J.D. Fagan" <jfagan@2bridge.com>
Subject: Re: Object level security
In-Reply-To: J. D. Fagan's mail of Fri, 17 July, 1998

I noticed that we have not responded to your email, so here is a short
answer. To extend security checking to objects (instances of a
class), the default SecurityManager is not the right answer, although
customizing the security manager might work, but is tricky.

Have you looked at java.security.Guard and
java.security.GuardedObject? These may give you some new food for
thoughts to solve your problem. You may need to change the security
aspect of your design. Thanks.

Li

--
J. D. Fagan writes:
> Hello all,
> 
> I'm still learning JDK's 1.2 security model and understand its ability to
> protect certain classes from being loaded up by the VM.  However, I was
> wondering if it had the capacity for checking security on particular
> instances of a class, such as in the following situation:
> 
> I'll be storing object instances of particular classes in an object oriented
> database.  I want some some of these objects (secure type classes that I
> designate) to be accessible via some Users/Groups (objects in system).
> 
> Some of the permissions I need for a particular User/Group on a particular
> secure object include:  read (i.e., view), write (i.e., update), delete,
> change permission.
> 
> Is it wise that I use my own SecurityManager implementation to achieve this
> facility?  Or does Java 1.2 handle these capabilities via
> SecurityManager.checkPermission(java.security.Permission perm, Object
> context) method??
> 
> Appreciate your feedback,
> 
> J.D. Fagan
> 2Bridge Software
> 
> 
>