Java security, Part 2: Authentication and authorization
4. Authorization in JAAS
  


Declarative authorization example


In this example, we show how authorization checks can be controlled declaratively by a permission grant in a policy file, using the user-defined permission PersonnelPermission. We simply ask the AccessController whether this permission has been granted: it throws an AccessControlException if it has not, and execution continues if it has. In the main JAASExample code, we invoke this PrivilegedAction through a doAsPrivileged call with a null access control context, which short-circuits the call stack at the point of the call. This is needed because, before the doAsPrivileged call combines the Subject with the context, the Subject is not part of the context and so is not covered by the grant statement. Under least privilege, the effective permissions are the intersection of the permissions on the call stack, so an increase in authority would not otherwise be allowed.


import java.io.*;
import java.security.*;
//
// This class is a sensitive Personnel function that demonstrates
// the use of declarative authorization using the user-defined
// permission PersonnelPermission. The check throws an
// AccessControlException if the permission is not granted.
class PersonnelAction implements PrivilegedAction<Object> {
     public Object run() {
       // Throws AccessControlException unless every domain in the
       // current access control context implies the permission
       AccessController.checkPermission(new PersonnelPermission("access"));
       System.out.println( "Subject has Personnel access\n");
       return Integer.valueOf(0);
     }
}
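
The following added example (not code from the tutorial) contrasts Subject.doAs with Subject.doAsPrivileged and a null context, to show the intersection rule described above. Assumptions: the body of PersonnelPermission is a guess at its shape, ExamplePrincipal, PrincipalOnlyPolicy and Check are hypothetical names, an in-code Policy stands in for the policy-file grant, and the JDK is one that still enforces AccessController checks (these APIs are deprecated for removal since Java 17).

```java
import java.security.*;
import javax.security.auth.Subject;

public class DoAsPrivilegedDemo {
    // Assumed shape of the tutorial's user-defined permission (its source is not on this page).
    static class PersonnelPermission extends BasicPermission {
        PersonnelPermission(String name) { super(name); }
    }

    // Hypothetical principal; stands in for whatever the login module attaches to the Subject.
    static class ExamplePrincipal implements Principal {
        public String getName() { return "example-user"; }
    }

    // Programmatic stand-in for the policy-file grant: PersonnelPermission is
    // granted to a principal only, never to code on its own.
    static class PrincipalOnlyPolicy extends Policy {
        @Override public boolean implies(ProtectionDomain pd, Permission p) {
            if (!(p instanceof PersonnelPermission)) return true; // demo only: allow everything else
            for (Principal pr : pd.getPrincipals())
                if (pr instanceof ExamplePrincipal) return true;
            return false;
        }
    }

    // Same check as PersonnelAction, returning a value instead of printing.
    static class Check implements PrivilegedAction<String> {
        public String run() {
            AccessController.checkPermission(new PersonnelPermission("access"));
            return "granted";
        }
    }

    static String attempt(boolean privileged) {
        Subject subject = new Subject();
        subject.getPrincipals().add(new ExamplePrincipal());
        try {
            return privileged
                ? Subject.doAsPrivileged(subject, new Check(), null) // caller's context dropped
                : Subject.doAs(subject, new Check());                // caller's context inherited
        } catch (AccessControlException e) {
            return "denied";
        }
    }

    public static void main(String[] args) {
        Policy.setPolicy(new PrincipalOnlyPolicy());
        System.out.println("doAs:                 " + attempt(false));
        System.out.println("doAsPrivileged(null): " + attempt(true));
    }
}
```

With doAs, the caller's protection domain stays in the inherited context without any principal, so the intersection fails and the check is denied; with doAsPrivileged and a null context, only the principal-bearing domain is evaluated and the check passes.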
