dev@jsr311.java.net

Re: SecurityContext idea

From: Paul Sandoz <Paul.Sandoz_at_Sun.COM>
Date: Fri, 21 Sep 2007 15:58:30 +0200

Hi Ryan,

This looks good.

I notice there is no annotation equivalent for checking if the transport
is secure. In EE today do app servers redirect from an insecure URI to a
secure URI at a low level before reaching the servlet container?

Paul.

Ryan McDonough wrote:
> All,
>
> Attached is an idea for an injectable SecurityContext interface that
> would provide access to security related information. Usage of this
> interface would be as follows:
>
> class PeopleResource {
>
> @HttpContext SecurityContext securityContext;
>
> @UriTemplate("{id}")
> PersonResource getPerson(@UriParam("id) String id) {
> if (securityContext.isUserInRole("paidSubscriber")) {
> return PaidPersonResource(id);
> } else {
> return CheapSkatePersonResource(id);
> }
> }
> }
>
> Additionally, you could test that the PaidPersonResource is being
> requested over a secure channel:
>
> class PeopleResource {
>
> @HttpContext SecurityContext securityContext;
>
> @UriTemplate("{id}")
> PersonResource getPerson(@UriParam("id) String id) {
> if (securityContext.isUserInRole("paidSubscriber")) {
> if(securityContext.isTransportSecure()) {
> return PaidPersonResource(id);
> }else {
> //-- Return Error
> }
>
> } else {
> return CheapSkatePersonResource(id);
> }
> }
> }
>
> Optionally, we could use JSR-250 annotation to perform the same task
> declaratively:
>
>
> class PeopleResource {
>
> @UriTemplate("{id}")
> @RolesAllowed({"paidSubscriber"})
> PersonResource getPaidPersonResource (@UriParam("id) String id) {
> return PaidPersonResource(id);
> }
>
> @UriTemplate("{id}")
> @RolesAllowed({"basic"})
> PersonResource getCheapSkatePersonResource( UriParam("id) String id) {
> return CheapSkatePersonResource (id);
> }
> }
>
> As far as configuring a security domain, this is probably something best
> left to the container, but I haven't worked out the exact details yet.
>
> Ryan-
> --
> Ryan J. McDonough
> http://www.damnhandy.com
>
>
> ------------------------------------------------------------------------
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe_at_jsr311.dev.java.net
> For additional commands, e-mail: dev-help_at_jsr311.dev.java.net 

-- 
| ? + ? = To question
----------------\
    Paul Sandoz
         x38109
+33-4-76188109
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.