I am hosting a Java web service on an AIX Unix box using JBoss.

Some of the web methods browse the Unix file structure (i.e. GetDirectoryFiles returns all files for the directory path passed in).

I want to integrate this with the Unix security so that the caller would pass in a username/password at the session level and they would be limited to the files/directories they have access to, based on that username/password integrated with the server users.

For instance, if the server has a user with their home directory set to /home/me who is unable to browse out of their home directory, the web service would only allow the same with regard to the method calls. They could call '/home/me/dir' but not '/home/notme/dir' (would throw an access denied exception).

How would I go about doing this?

A: 

The issue you are going to have is that the JBoss process is already running as a specific user, and therefore anything done by a thread within that process will run under that user's permissions.

The simplest approach, I believe, would be to launch a new process as a different user to complete the unix part of each of your web methods, using Runtime.getRuntime().exec(...) - see this question

mikera
The solution doesn't really work in my case, but the answer does lay out the problem.
Kenoyer130
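
The approach described in the answer above, as an added example that is not part of the original thread: the directory listing runs in a child process under the caller's Unix account, so the operating system enforces that account's permissions. It uses ProcessBuilder (the argument-list form of Runtime.exec) and assumes `sudo` is installed with a rule allowing the JBoss account to run `/bin/ls` as the target users, and that the username/password was already verified; the class name, method names and user-name pattern are hypothetical.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class ListAsUser {
    // Assumption: a sudoers rule lets the JBoss account run /bin/ls as the
    // target users without a password; the caller was authenticated earlier.
    static List<String> buildCommand(String user, String dir) {
        // Conservative account-name check (assumed pattern, adjust per site).
        if (!user.matches("[a-z_][a-z0-9_-]{0,31}"))
            throw new IllegalArgumentException("invalid user name");
        // Absolute paths only, so the value can never be read as an ls option.
        if (!dir.startsWith("/") || dir.indexOf('\0') >= 0)
            throw new IllegalArgumentException("absolute path required");
        // Argument vector, no shell: metacharacters in dir stay plain data.
        return Arrays.asList("sudo", "-n", "-u", user, "--", "/bin/ls", "-1", dir);
    }

    // Runs the listing under the target account; the kernel enforces that
    // account's file permissions, not the JBoss account's.
    static List<String> listDirectory(String user, String dir)
            throws IOException, InterruptedException {
        Process p = new ProcessBuilder(buildCommand(user, dir))
                .redirectErrorStream(true).start();
        List<String> lines = new ArrayList<>();
        try (BufferedReader r = new BufferedReader(new InputStreamReader(
                p.getInputStream(), StandardCharsets.UTF_8))) {
            String line;
            while ((line = r.readLine()) != null) lines.add(line);
        }
        if (p.waitFor() != 0)
            throw new IOException("listing denied or failed: " + lines);
        return lines;
    }

    public static void main(String[] args) {
        // Constructed inputs using the paths from the question.
        System.out.println(buildCommand("me", "/home/me/dir"));
        try {
            buildCommand("me extra", "/home/me/dir");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A web method would call `listDirectory` with the authenticated session's user name and map the `IOException` to its access-denied fault.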