How-to use java.security.Permission to provide access control over aJava object ?

[pramodr]

Hi group,

I need to implement access control over a DAO (preferably through a
business layer object) on the basis of user role - for instance an
admin can invoke the read/modify/delete methods, but a normal user
should only be able to read. I am planning for java security API
(JAAS). I have heard of java.security.Permission class. Can it be used
in my case ? I think if so, I may need to extend this class and use
it.

Please guide me with suggestions. I am new to JAAS api as well.

regards
Pramod R

 

[Roedy Green]

I need to implement access control over a DAO

background to understand the question:
DAO: Data Access Object
one of the J2EE design patterns
http://mindprod.com/jgloss/designpatterns.html#J2EE
--
Roedy Green Canadian Mind Products
http://mindprod.com

"The industrial civilisation is based on the consumption of energy resources that are inherently limited in quantity, and that are about to become scarce. When they do, competition for what remains will trigger dramatic economic and geopolitical events; in the end, it may be impossible for even a single nation to sustain industrialism as we have know it in the twentieth century."
~ Richard Heinberg, The Party’s Over: Oil, War, and the Fate of Industrial Societies