Hello everyone,
I'm trying to understand JAAS and to use it to authenticate and give authorization for a user to access a method in a class.
I've not had problems with the authentication, but I couldn't find a way to give authorization for users to access only some methods in a class. My application has 4 users: User1, User2, User3 and User4. The class has 4 methods and each method can only be accessed by one user. So methodA will be accessed by User1 and so on.
public class Test{
//method accessed only by User1
public boolean methodA(){ ... }
//method accessed only by User2
public boolean methodB(){ ... }
//method accessed only by User3
public boolean methodC(){ ... }
//method accessed only by User4
public boolean methodD(){ ... }
}
After reading the JAAS tutorial I've created some PrivilegedAction classes for each method of the Test class.
public class TestMethodAAction implements PrivilegedAction<Boolean>{
private Test test;
public TestMethodAAction(Test test){
this.test = test;
}
public Boolean run(){
return test.methodA();
}
}
The problem is that I've not found a way to give access for a user to be authorized to only execute one of the methods of these classes. Any suggestions?