Object level security

J.D. Fagan (jfagan@2bridge.com)
Fri, 17 Jul 1998 10:21:55 -0700

From: "J.D. Fagan" <jfagan@2bridge.com>
To: <java-security@java.Sun.COM>
Subject: Object level security
Date: Fri, 17 Jul 1998 10:21:55 -0700

Hello all,

I'm still learning JDK's 1.2 security model and understand its ability to
protect certain classes from being loaded up by the VM. However, I was
wondering if it had the capacity for checking security on particular
instances of a class, such as in the following situation:

I'll be storing object instances of particular classes in an object oriented
database. I want some some of these objects (secure type classes that I
designate) to be accessible via some Users/Groups (objects in system).

Some of the permissions I need for a particular User/Group on a particular
secure object include: read (i.e., view), write (i.e., update), delete,
change permission.

Is it wise that I use my own SecurityManager implementation to achieve this
facility? Or does Java 1.2 handle these capabilities via
SecurityManager.checkPermission(java.security.Permission perm, Object
context) method??

Appreciate your feedback,

J.D. Fagan
2Bridge Software