Make authorization decisions outside of Java 2
The ISAM authorization API Java classes also support a completely Java-compliant usage of the ISAM authorization check that is outside of the Java 2 and JAAS framework.
The PDPrincipal class includes the implies() method for performing authorization checks. To construct a PDPrincipal, a PDAuthorizationContext specifying the appropriate domain is required. Specifying the user name and password on the constructor results in authentication to ISAM during construction of the object. Specifying the user name and no password on the constructor results in a security check on the current environment. The permission that must be held is:
permission javax.security.auth.AuthPermission "createPDPrincipal"
If authorized, the constructor retrieves the authentication information from ISAM for that entity. The names supported on these constructors can be either ISAM short names or distinguished names. Before calling the implies() method, construct a PDAuthorizationContext and construct a PDPrincipal object for the specified entity. Next, construct a PDPermission with the name of the requested resource, the protected object, and the requested action to be performed on that object. Then invoke the PDPrincipal.implies(PDPermission) method to determine if the requested access to the specified object is allowed for the specified entity.
For example:
    // Context for the domain described by the configuration at configURL
    PDAuthorizationContext ctxt = new PDAuthorizationContext(configURL);

    // User name plus password: authenticates to ISAM during construction
    PDPrincipal whoIsIt = new PDPrincipal(ctxt, "tom", "letmein".toCharArray());

    // Protected object name and the requested actions on it
    PDPermission whatTheyWant = new PDPermission(ctxt, "everything", "abT");

    boolean haveAccess = whoIsIt.implies(whatTheyWant);
    if (haveAccess) {
        // let them proceed…
    } else {
        // deny the requested access
    }
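The following is an added example, not code from the original page or from IBM: it wraps both constructor forms described above in a helper that denies access on any failure and wipes the password array after use. The class name IsamAccessCheck, its method names, the com.tivoli.pd.jazn package in the imports, and the expectation that the security check surfaces as a SecurityException are assumptions; only the constructors and implies() call shown on this page are used.

```java
import java.util.Arrays;
import java.util.logging.Logger;
// Assumption: package name of the ISAM classes; the page does not state it.
import com.tivoli.pd.jazn.PDAuthorizationContext;
import com.tivoli.pd.jazn.PDPermission;
import com.tivoli.pd.jazn.PDPrincipal;

/** Hypothetical helper: fail-closed wrappers around PDPrincipal.implies(). */
public final class IsamAccessCheck {
    private static final Logger LOG = Logger.getLogger("IsamAccessCheck");

    private IsamAccessCheck() { }

    /** Authenticates the user to ISAM with a password, then checks access. */
    public static boolean checkWithPassword(PDAuthorizationContext ctxt, String user,
            char[] password, String protectedObject, String actions) {
        try {
            PDPrincipal who = new PDPrincipal(ctxt, user, password);
            PDPermission what = new PDPermission(ctxt, protectedObject, actions);
            return who.implies(what);
        } catch (Exception e) {
            // Bad credentials, unreachable server, bad arguments: deny.
            LOG.warning("ISAM check failed for " + user + ": " + e);
            return false;
        } finally {
            // Do not leave the password in memory after the check.
            if (password != null) {
                Arrays.fill(password, '\0');
            }
        }
    }

    /** No password: the calling code must hold AuthPermission "createPDPrincipal". */
    public static boolean checkWithoutPassword(PDAuthorizationContext ctxt, String user,
            String protectedObject, String actions) {
        try {
            PDPrincipal who = new PDPrincipal(ctxt, user);
            PDPermission what = new PDPermission(ctxt, protectedObject, actions);
            return who.implies(what);
        } catch (SecurityException e) {
            // Assumed failure mode when the policy lacks the permission.
            LOG.severe("Policy does not grant createPDPrincipal: " + e);
            return false;
        } catch (Exception e) {
            LOG.warning("ISAM check failed for " + user + ": " + e);
            return false;
        }
    }
}
```

Build the PDAuthorizationContext once and pass it to each call. A false result covers both "access denied" and "check could not be completed", so the log entries are what distinguish the two.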