From: Charlie.Lai@eng.sun.com (Charlie Lai)
Message-Id: <199903092055.MAA01942@angeles.eng.sun.com>
Subject: Re: ACL
To: spierre@exchange.sv.lucent.com (Pierre Stephane)
Date: Tue, 9 Mar 1999 12:55:22 -0800 (PST)
In-Reply-To: <199903090842.AAA12126@svgw2.sv.lucent.com> from "Pierre, Stephane" at Mar 9, 99 09:40:00 am
hi,
> I'm a developer working in Lucent Technologies and i would like
> to implement an ACL using java.security.acl package in order to
> develop a security entity in our product.
we actually try to discourage people from using the java.security.acl
package. instead, if it's possible, we prefer you to implement your own
permissions (based on java.security.Permission or
java.security.BasicPermission) and then piggyback off the
existing access control architecture implemented by
java.lang.SecurityManager. that way you can also use
the existing access control policy as well.
some tutorials which might help you get started
(and determine if this is feasible) are located at:
http://java.sun.com/docs/books/tutorial/security1.2/index.html
of particular interest would be the trail which teaches you how
to implement your own permission:
http://java.sun.com/docs/books/tutorial/security1.2/userperm/index.html
> My second question is: We need to store username/password and
> ACL informations in database (files). Do you know some package
> that implement that ?
although we don't have a generic database class,
we do have a java.security.KeyStore class which might be useful
for storing password information (passwords can be converted into keys).
thanks,
charlie