JAAS method level authorisation

Similar Messages

• How to implement method level authorisation in JSF

  Hi all,
  I am new to JSF 2. I have been able to implement authorization on my web pages, but I also want to implement it at the bean level. Does JSF 2 provide an in-built functionality to implement role-based authorization on bean methods? Or, I need to use some security frameworks (i.e. ACEGI)?
  Thanks in advance,
  Neeraj

  I am curious: can you explain WHY you want method level security? It seems woefully overkill and paranoid to me - server level security should be enough to keep out rogue code.
  Anyway for that level of security, the security measures built into the JVM should be used.
  [Java Security documentation|http://java.sun.com/javase/technologies/security/]
  You can also look into a security API like Spring security - be warned though, it has a steep learning curve.

• Field Level Authorisation Control

  Hi Expert,
              i want field level authorisation control for Usage Probablity in Bill of Material. In CS02- Change Material BOM for some user i want to restrict to change the usage probablity of particular component.
  how to do this. i already tried through creating & adding authorisation object in Role but it's not working.
  Pls suggest solution with detailed steps.
  Regards,
  Dev

  Dev,
  You can better try using, transaction variants using transaction SHD0 and assign them to the respective users.
  You can do a search in this forum to find topics on how to create transaction variants.
  Regards,
  Prasobh

• Method-level Locking

  (Here's another one):
  I'm unable to find a way to enable method-level locking in WebLogic.
  This kind of lock has the same semantics as a simple "synchronized" on the
  method level (which you cannot write as a bean developer). The advantage is
  that you've got thread-safe access to a method without expensively
  interfering with the transaction manager.
  So is this possible in WLS v6.1/v7.0?
  Regards,
  Pieter Van Gorp.

  I assume you are talking about entity beans. You can use the "Exclusive"
  concurrency strategy. Here is the link:
  http://e-docs.bea.com/wls/docs61/ejb/reference.html#1139340
  "Pieter Van Gorp" <[email protected]> wrote in message
  news:[email protected]..
  (Here's another one):
  I'm unable to find a way to enable method-level locking in WebLogic.
  This kind of lock has the same semantics as a simple "synchronized" on the
  method level (which you cannot write as a bean developer). The advantageis
  that you've got thread-safe access to a method without expensively
  interfering with the transaction manager.
  So is this possible in WLS v6.1/v7.0?
  Regards,
  Pieter Van Gorp.

• "method level" serializable ServerSockets

  i don't understand why this code block can be serialized:
  public class Foo extends Thread implements Serializable {
    public void run() {
      ServerSocket servSok = new ServerSocket(9876);
      Socket sok = servSok.accept();
  }compare with this code block. as expected it cannot serialize (unless transient is used):
  exception code = " +NotSerializableException: java.net.ServerSocket+ "
  public class Foo extends Thread implements Serializable {
    private ServerSocket servSok = null;  // <-- add "transient" and ok.
    public void run() {
      this.servSok = new ServerSocket(9876);
      Socket sok = servSok.accept();
  note: both are live, running, threads when serialized.
  one is an instance level object, the other a method level. but i cannot take my understanding
  beyond that. can someone talk me through what is going on?
  both are bound ServerSockets . neither can pop-up, after de-serialization, bound to a port
  on a remote jvm.

  pdFrog wrote:
  Your misunderstanding is that methods do not get serializedok. i did not know that.
  i think this is why we need the class loaders.Mneh, in a roundabout way, but probably not the way you're thinking. Technically speaking, methods are already serialized, in that their bytecode exists as a stream. But if you're trying to serialize code, not just data, you've probably misunderstood why we serialize. In particular, serializing a Socket connection of any kind is a bit pointless.

• Method-level ACLs

  Can anyone provide me with an example web.xml file that has acl protection at the method level? There is documentation saying that you can protect down to the method level, but I am having trouble finding anything on how...

  I assume you are talking about entity beans. You can use the "Exclusive"
  concurrency strategy. Here is the link:
  http://e-docs.bea.com/wls/docs61/ejb/reference.html#1139340
  "Pieter Van Gorp" <[email protected]> wrote in message
  news:[email protected]..
  (Here's another one):
  I'm unable to find a way to enable method-level locking in WebLogic.
  This kind of lock has the same semantics as a simple "synchronized" on the
  method level (which you cannot write as a bean developer). The advantageis
  that you've got thread-safe access to a method without expensively
  interfering with the transaction manager.
  So is this possible in WLS v6.1/v7.0?
  Regards,
  Pieter Van Gorp.

• JDeveloper 11 ignores @SuppressWarnings at method level

  Seems that this only works at class level.
  If you add it at a method level, JDev simply ignores it and continues to display warnings.
  Has anyone found how to get it to work?

  Hi,
  This is the code:
  <snip>
  @SuppressWarnings("unchecked")
  public List<T> findAll(final int... rowStartIdxAndCount)
  return commonPersistence.findAll(getClassName(), rowStartIdxAndCount);
  <snip>
  If I add this annotation to the line just before declaration of the class, it actually works, but becomes reasonably useless as I don't see any other warnings for the class.
  Thanks
  Jonny

• Generics at method level

  As we all know, in Java5.0, Sun introduced Generics. Now I used this at class level and at field method. However I tried using them at method level, but could not succeced.
  I did a search on the internet and I found a very good article about generics. The url is the following: http://www-128.ibm.com/developerworks/java/library/j-djc02113.html
  Scrolling to the bottom, I found out what I needed. the example on that website shows the following:class Utilities {
     <T extends Object> public static List<T> make(T first) {
       return new List<T>(first);
  }However I tried to do this code in a method inside my project, but did not work at all.
  Does any one know how I can do generics at method level. What I want to achieve is that you pass the class type you want to be returned as a generic at the method level.
  regards,
  sim085

  Please before you check my code, check the example that there is in the article, that is the code I posted in my first post. I based all this on the information I read from the website, and since the source looks very reliable,, there is no need for me to doubt that it works!
  I did a simple example, I am just using generics to get used to them ... Here comes the exampleimport java.util.*;
  public class Test{
       private List<String> myList;
       public Test(){
            myList = new ArrayList<String>();
            <List>normalMethod();
       <T>public T normalMethod(){
            return null;
       <T>public static void staticMethod(){
       public static void main(String... args){
            <List>staticMethod();
            new Test();
  }The exception throws is an exception you would see when the syntax is incorrect. However I do have Java5.0 and if you delete the methods and the method calls, but you leave the generics at the field level , the code would compile.
  The exception throws are the following:C:\Documents and Settings\saquilina\My Documents\Test.java:21: illegal start of type
       <T>public static void staticMethod(){
             ^
  C:\Documents and Settings\saquilina\My Documents\Test.java:32: <identifier> expected
  }Now since in the example in that website they use a static method, I tried it also with a static method, but it did not work all the same :(
  regards,
  sim085

• Configuring command level authorisation

  hi could someone pls tell me where on the acs to configure the command level authorisation for users to access the routers.pls help i am new to this. i am also using a evaluation copy of it.
  sebastan

  Found a really good primer on this topic:
  http://book.itzero.com/read/cisco/0512/Cisco.Press.Cisco.Access.Control.Security.AAA.Administration.Services.May.2004.INTERNAL_html/1587051249/ch10lev1sec4.html
  Darran

• Partner level authorisation

  Hello All,
  The scenario is that there are group of users who have the authorisation to change delivery and assign a changed vendor (in partner function) at item level.
  Now this group even requires the authorisation to do this at sales order line item level (in partner function), so that the data is alike in sales order as well as delivery.
  My problem is, how to restrict the authorisation to only sales order line item level for partner function tab in VA02.
  An early help would be appreciated.
  Thanks and regards,
  AK

  Hi:
  Perhaps you can try through a transaction variant linked to those users, such that when they enter va02 transaction, it opens up directly at item partner screen.
  Hope it helps.
  SLVJ

• Restrict Edit / Delete Parked Documents when first level authorised

  I have set up workflow for Document Parking with 2 levels of authorization.  Now, I need to restrict the user from editing / deleting the parked document when it is approved by the first level.
  I tried creating screen variant through SHD0, but the system does not allow to create for dialog transactions.
  Is there a standard way of restricting or should I write an enhancement?
  Ravi.

  Hi,
  You can use the BTE 1140.
  More details are available in SDN for this BTE.
  Regards,
  Gaurav

• Throtting or Work Managers - OSB @ method level

  Would it be possible to throttle a BS or set a work manager for the PS at the WSDL operation level?

  Work-manager setup and throttling are two different concepts. Throttling is used to restrict the message flow to a business service however work managers are used to prioritize service work. Remember that in case of throttling there is possibility of message loss however with work manager setup there is no such possibility.
  To give an example, suppose you are routing PO ACK's to target system. Given that, latest PO ACK is sufficient to provide the status of PO, it is not mandatory to deliver all the PO ACKs to the target system. So if I have to restrict the flow to target system here, I will use throttling.
  If there are two type of messages being processed in your OSB, suppose PO and PO ACK, you will always prefer that PO gets processed on priority and PO ACK processing must not affect the PO processing. Hence here I will use work-manager to prioritize the processing of PO.
  Regards,
  Anuj

• Transaction Isolation Level for EJB methods

  L.S.
  I just found out the in OC4J one can not set the transaction isolation level on ejb methods. Moreover one needs to revert to bean managed transaction (manual coding of the ALL transaction logic) to set the isolation level.
  On entity beans one can only set the isolation level for the whole bean (not on individual methods), and in session beans there is no way at all to set the isolation level.
  This is on shear contract to all other application servers I used before (there one can declaratively set the isolation level for a ejb method, both in session and in entitybean deployment descriptors)
  Is it foreseen in a future release to include such a valuable feature will be provided by oc4j?
  Note that I was VERY surprised that OC4J could not handle this (I checked the j2ee spec, but admittedly the spec is a little vague about this support and makes it vendor dependent. the j2ee spec does not mandate this, except for CMP entity beans, but includes some suggestions on this ability. But most other application servers implemented the ability)
  Regadrs,
  Erik

  Hello Erik --
  I think we met in Perth recently?
  Anyway, your information is correct.
  We can set the transaction isolation level for each entity bean, at the bean level. We don't have for the specification of method level isolation settings -- I'd be interested to hear how you would like/do use this. What behaviour do you expect to see when a transaction is started that spans multiple methods on a bean with different declared isolation levels.
  For session beans, we do not currently have the ability to declaratively specify the isolation level to use for the bean. I know this is not in the forthcoming 904 release, and will to check what is beyond that.
  As you point out, this can be done programatically using the Connection.setIsolationLevel() method on any connections you are using from within the session bean.
  I'd would like to log an enhancement request for you for this functionality. Can you send me an email at [email protected] and we'll take it offline.
  -steve-

• How to implement Method output converion in BADI HRPAD00INFTYUI

  Hi All,
  I have to implement Output conversion method in HRPAD00INFTYUI for the requirement of adding custom field in the structure HRWPC_S_EP_COMMUNICATION. Usage is, In MSS general data service the manager should see his subordinates telephone extn number and his mobile number.
  While trying to add, system is asking for access key and one possible solution is append structure. I am confused after seeing the parameters in that BADI. Anyone please give solution for the above requirement. Please share code as well if you have.
  Thanks in Advance.
  S.Vikgnesh

  I am curious: can you explain WHY you want method level security? It seems woefully overkill and paranoid to me - server level security should be enough to keep out rogue code.
  Anyway for that level of security, the security measures built into the JVM should be used.
  [Java Security documentation|http://java.sun.com/javase/technologies/security/]
  You can also look into a security API like Spring security - be warned though, it has a steep learning curve.

• Sale order : item release authorisation

  hi friends,
  our bussiness requirement, from the sale order they want to release the item level authorisation ..
  based on manager approval to release the item ,then only  item moving for production.
  PLS HELP ME FOR CONFIGURATION SETTING
  with regards
  Dinesh kumar.B

  Hi Code,
  I do not think it is possible with an every individual line item.If you want to authorize for total sales order use workflow or any other checks.
  Regards,
  Madhu.