Prelude includes Portable, In-Memory JACC Provider

We made some enhancements in Prelude to improve JACC policy provider replaceability, and we added a new portable in-memory JACC policy provider that can be configured as an alternative to the file-based JACC policy provider. The file-based provider is configured by default. To enable the in-memory provider, do the following:
  • Stop the application server (i.e., asadmin stop-domain).
  • Edit domain.xml and add or change the security-service element to define the attribute jacc="simple".
  • Restart the application server (i.e., asadmin start-domain).
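The domain.xml edit in the second step can be scripted so that it handles both the "add" and the "change" case and leaves a rollback copy. This is an added example, not code from the original post or from the application server project; the function names are hypothetical, the sample file is constructed, and it assumes the security-service start tag sits on a single line of domain.xml.

```shell
#!/bin/sh
# Added example, not project code. Assumes the <security-service start tag
# sits on one line of domain.xml. Function names are hypothetical.

# Print the current jacc attribute value (empty if the attribute is absent).
get_jacc_provider() {
    sed -n 's|.*<security-service[^>]* jacc="\([^"]*\)".*|\1|p' "$1" | head -n 1
}

# Set jacc="NAME" on <security-service>, adding the attribute if missing.
# Returns 1 if the element is not found, 2 if NAME is not a plain token.
set_jacc_provider() {
    file=$1
    name=$2
    # Refuse anything that could break out of the sed expression or the XML.
    case $name in ''|*[!A-Za-z0-9_-]*) return 2 ;; esac
    grep -q '<security-service[ >/]' "$file" || return 1
    cp -p "$file" "$file.bak" || return 1      # keep a rollback copy
    if grep -q '<security-service[^>]* jacc="' "$file"; then
        sed 's|\(<security-service[^>]* jacc="\)[^"]*"|\1'"$name"'"|' "$file.bak" > "$file"
    else
        sed 's|<security-service\([ >/]\)|<security-service jacc="'"$name"'"\1|' "$file.bak" > "$file"
    fi
}

# Demo on a constructed domain.xml fragment (not a real server config).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/domain.xml" <<'EOF'
<domain>
  <configs><config name="server-config">
    <security-service>
      <auth-realm name="file"/>
    </security-service>
  </config></configs>
</domain>
EOF
    set_jacc_provider "$tmp/domain.xml" simple && get_jacc_provider "$tmp/domain.xml"
    rm -rf "$tmp"
}

# On a real server: asadmin stop-domain, run set_jacc_provider on the
# domain's domain.xml, then asadmin start-domain.
demo
```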
The in-memory provider was developed both to provide a simpler and more performant alternative and to serve as a sample to help others develop their own providers. Portability was achieved by defining a JACCRoleMapper interface, and by defining the provider such that it can be configured (via a system property, i.e., com.sun.enterprise.security.jacc.provider.JACCRoleMapper) to use a system-specific implementation of the JACCRoleMapper interface. The source of the in-memory provider is available in the project repository.
Comments:

What is the purpose of the following (never-called) methods present in the JACCRoleMapper interface:

Set<String> getRolesOfSubject(String pcid, Subject s)
throws SecurityException, UnsupportedOperationException;

Set<String> getRolesOfPrincipals(String pcid, Principal[] principals)
throws SecurityException, UnsupportedOperationException;

BitSet getRolesOfSubject(String pcid, String roles[], Subject s)
throws SecurityException, UnsupportedOperationException;

BitSet getRolesOfPrincipals(String pcid, String roles[], Principal[] principals)
throws SecurityException, UnsupportedOperationException;

Set<Principal> getPrincipalsInRole(String pcid, String roleName)
throws SecurityException, UnsupportedOperationException;

If they're never called by any code, then why must I implement them?

Thanks,
Laird

Posted by Laird Nelson on January 28, 2011 at 07:20 AM EST #
