JAAS - Explain the Authorization Files

Explain the following Authorization Files.
SimpleAuthz.java
SimpleAction.java
SimpleJAAS.policy

Authorization Files

SimpleAuthz.java : This class is similar to the SimpleAuth.java class with one difference: a privileged action is performed after the user is authenticated. To perform the privileged action, the code obtains a reference to the current Subject and calls the doAsPrivileged() method, passing in the Subject reference and an instance of the SimpleAction class.

SimpleAction.java : This class implements the PrivilegedAction interface and defines a single method, run(). It performs a few actions that are restricted to privileged users.

SimpleJAAS.policy : This file defines the activities for which permissions are granted and which code has permission to perform them.

Explain the Authorization Files.

SimpleAuthz.java

1. This class is identical to the SimpleAuth.java class in all but one respect.
2. After authenticating the user, it attempts a privileged action.
3. To do this, the code obtains a reference to the current Subject and calls the doAsPrivileged() method from that object reference.
4. We pass the Subject reference and an instance of the SimpleAction class into this method.
5. The Java runtime then takes the supplied Subject reference and attempts to execute the privileged action defined within the run() method of the SimpleAction class.

SimpleAction.java

1. This class implements the PrivilegedAction interface and defines a single method, run().
2. It attempts to perform a few actions that are restricted to privileged users (as defined by the policy file).
3. If the Subject has the appropriate privileges to perform these actions, the method will execute without any trouble. Otherwise, it throws an exception.

SimpleJAAS.policy

1. This file defines the activities for which permission has been granted and which code has permission to perform them (code-level access).
2. These grant statements can further be narrowed to allow only a particular Principal (user-level access).
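
The three pieces described above, as an added sketch that is not the page's own SimpleAuthz, SimpleAction or SimpleJAAS.policy source. The class names (DemoPrincipal, ReadHomeAction, AuthzSketch), the jar name, the users and the policy contents are all assumptions, and a hand-built Subject stands in for the one returned by the login step. It needs a JDK that still supports the Security Manager (deprecated since Java 17).

```java
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Set;
import javax.security.auth.Subject;

// Constructed policy file (sketch.policy), assumed for this example:
//   grant codeBase "file:./authz-sketch.jar" {                    // code-level access
//     permission javax.security.auth.AuthPermission "doAsPrivileged";
//   };
//   grant codeBase "file:./authz-sketch.jar",
//         Principal DemoPrincipal "alice" {                       // user-level access
//     permission java.util.PropertyPermission "user.home", "read";
//   };
// Run: java -Djava.security.manager -Djava.security.policy=sketch.policy \
//           -cp authz-sketch.jar AuthzSketch

// Hypothetical Principal; the policy matches on its class name and getName().
final class DemoPrincipal implements Principal {
    private final String name;
    DemoPrincipal(String name) { this.name = name; }
    @Override public String getName() { return name; }
}

// Plays the role of the page's SimpleAction: the restricted work lives in run().
final class ReadHomeAction implements PrivilegedAction<String> {
    @Override public String run() {
        // Fails with a SecurityException unless the policy grants this read.
        return System.getProperty("user.home");
    }
}

public class AuthzSketch {
    // Stand-in for the Subject obtained after a successful login.
    static Subject subjectFor(String user) {
        return new Subject(true, Set.of(new DemoPrincipal(user)), Set.of(), Set.of());
    }

    static String attempt(Subject subject) {
        try {
            // null context: the caller's own stack is not part of the permission check.
            return "allowed: " + Subject.doAsPrivileged(subject, new ReadHomeAction(), null);
        } catch (SecurityException e) {
            return "denied: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println("alice -> " + attempt(subjectFor("alice")));
        System.out.println("bob   -> " + attempt(subjectFor("bob")));
    }
}
```

With the policy above enforced, the read succeeds for "alice" and is denied for "bob"; without a Security Manager installed, no check happens and both succeed.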