Java 2 security with Security Verify Access

Java 2 security with Security Verify Access

The Java 2 security architecture is policy-based, and allows for fine-grained access control.
When the code is loaded, it is assigned permissions based on the security policy currently in effect. Each permission specifies a permitted access to a particular resource, such as read access to a specified file, or connect access to a specified host and port. The policy specifies which permissions are available for code from various signers and locations. The policy can be initialized from an external configuration file.
Code can access a resource only if the permission that guards the resource gives the code explicit permission. The new concepts of permission and policy enable the Java 2 to offer fine-grained, highly configurable, flexible, and extensible access control. Such access control now be specified for all Java code, including applications, beans, and servlets.
The ISAM authorization server provides an SSL-based access mode for handling remote authorization calls.
The azn_decision_access_allowed_ext() function requires the following information:

Authentication information
Resource name
Access mode

The Java 2 permission model provides the resource name and the access mode. The Java Authentication and Authorization Service (JAAS) extensions to the Java 2 model provide the authentication information. ISAM functions as a back end for normal Java 2 permission checks by providing:

A custom JAAS LoginModule that manufactures authentication credentials.
A custom permission class that knows how to locate and call ISAM.

Parent topic: Java security