How can a JACC provider use the Principal-to-role mapping facilities of the server it's deployed on?

后端 未结 1 1366
予麋鹿
予麋鹿 2021-01-30 03:28

I am writing a JACC provider.

Along the way, this means implementing a PolicyConfiguration.

The PolicyConfiguration is responsible for

相关标签:
1条回答
  • 2021-01-30 04:07

    The short answer is: there's no standard way to do it.

    Although Glassfish and JBoss support principal-to-role mappings, JACC does no assume all containers do, and so it delegates the responsibility of keeping those mappings to the JACC provider implementation. From the docs (see: PolicyConfiguration.addToRole method):

    It is the job of the Policy provider to ensure that all the permissions added to a role are granted to principals "mapped to the role".

    In other words, you need to implement that yourself inside your JACC provider for each container. For JBoss, for example, you could use one of the subclasses of AbstractRolesMappingProvider.

    0 讨论(0)
提交回复
热议问题