CUBA follows a simple role-and-rights approach to security checks, as known from the EJB standard. Currently, only component-managed authorisation is supported, based on the functions getCallerName() and isCallerInRole() in the interface ComponentContextI. In EJB environments, these functions are based on the corresponding functions in the interface EJBContext, which in turn are based on JAAS. The wired container follows a much simpler approach, assuming authentication is either not required at all or is performed before the components are accessed.
Authentication in the wired container is based on two simple features:

The caller property, set in the properties passed to the client context:

    Properties props = new Properties();
    props.put(ClientContextI.CALLER_PROPERTY, "jlessner");
    ClientContextI context = new WiredClientContext(props);

run-as elements:

    <run-as caller="jlessner">
      <role-name>admin</role-name>
      <role-name>developer</role-name>
    </run-as>

| Configuration | Behaviour |
|---|---|
| No caller property, no run-as elements | getCallerName() returns null. No roles associated, i.e. isCallerInRole() always returns false. |
| No caller property, run-as elements present | Caller name and associated roles are taken from the run-as element with the lexicographically lowest caller name. If the caller attribute is not present, getCallerName() returns null. |
| Caller property present, no run-as elements | Caller name is set according to the property; no roles are associated. |
| Caller property present, run-as elements present | Caller name is set according to the property. Associated roles are taken from the run-as element with a caller attribute matching the specified name. If no matching run-as element is present, access to the WiredClientContext causes security exceptions. |
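
The four caller-property / run-as combinations described above, modelled as a stand-alone Java 16+ class so the outcome of each can be checked side by side. This is an added example, not CUBA's own code: WiredCallerModel, RunAs, Identity and resolve() are hypothetical names, java.lang.SecurityException stands in for the exception type the page does not name, and sorting a run-as element without a caller attribute first is an assumption.

```java
import java.util.*;

/** Stand-alone model of the wired container's caller/role resolution; not CUBA code. */
public class WiredCallerModel {
    /** One run-as element: optional caller attribute (null if absent) plus role names. */
    record RunAs(String caller, Set<String> roles) {}

    /** What a component would see through getCallerName() / isCallerInRole(). */
    record Identity(String callerName, Set<String> roles) {
        boolean isCallerInRole(String role) { return roles.contains(role); }
    }

    static Identity resolve(String callerProperty, List<RunAs> runAs) {
        if (callerProperty == null) {
            if (runAs.isEmpty()) return new Identity(null, Set.of());
            // The lexicographically lowest caller name wins. Assumption: an element
            // without a caller attribute sorts first; the page does not specify this.
            Comparator<RunAs> byCaller = Comparator.comparing(
                    RunAs::caller, Comparator.nullsFirst(Comparator.naturalOrder()));
            RunAs first = Collections.min(runAs, byCaller);
            return new Identity(first.caller(), first.roles());
        }
        if (runAs.isEmpty()) return new Identity(callerProperty, Set.of());
        // Property and run-as elements both present: a matching element is mandatory.
        return runAs.stream()
                .filter(r -> callerProperty.equals(r.caller()))
                .findFirst()
                .map(r -> new Identity(callerProperty, r.roles()))
                .orElseThrow(() -> new SecurityException(
                        "no run-as element for caller " + callerProperty));
    }

    public static void main(String[] args) {
        // Constructed sample: the page's run-as element plus one more caller.
        List<RunAs> descriptor = List.of(
                new RunAs("jlessner", Set.of("admin", "developer")),
                new RunAs("guest", Set.of()));
        System.out.println(resolve(null, List.of()));        // no property, no run-as
        System.out.println(resolve(null, descriptor));       // no property, run-as present
        System.out.println(resolve("jlessner", List.of()));  // property only
        System.out.println(resolve("jlessner", descriptor)); // property with matching run-as
        try {
            resolve("unlisted", descriptor);                 // property without a match
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In this model the caller name is whatever the client placed in its properties and only the role mapping comes from the run-as elements, which is why the wired container relies on authentication having been performed before the components are accessed.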