JAAS enables applications to authenticate users
and enforce access control. Oracle9iAS
supports JAAS by implementing a JAAS provider. The JAAS provider
provides application developers with user authentication,
authorization and delegation services to integrate into their
application environments. Instead of devoting resources to
these services, application developers can focus on the presentation
and business logic of their applications. The sample demonstrates
how to implement security with Oracle9iAS's
JAAS implementation.

Java Authentication and Authorization Service (JAAS) is a Java
package that enables services to authenticate users and enforce access
controls upon them. Authentication verifies the identity
of a user or an entity that is to be granted access to computer resources.
Once the user is authenticated, the authorization process begins. Authorization
is the process of granting resource-specific privileges to the user
(e.g. inserting a row in the database or write permission to a file).

The Oracle JAAS provider implements JAAS to support user authentication,
authorization and JAAS policies. The JAAS provider supports two
types of repository providers, referred to as provider types. These
provider types are repositories for secure, centralized storage,
retrieval, and administration of provider data. This data consists
of realm (users and roles) and JAAS policy (permissions) information.
The two provider types are:
- XML-based provider type, where user information is stored in
XML files.
- LDAP-based provider type, where user information is stored in
an LDAP-based directory such as Oracle Internet Directory.

The HRS system (JAAS Provider Sample) uses the Oracle JAAS provider's
security features to restrict access to its functionality
based on the user who is logging in and the authorization
permissions he/she has been granted. The HRS system will have
two types of users.
Depending on the role, they will use the application as follows:
1. Admin Role
A user with the Admin role can create or modify hotel information,
but cannot book hotel rooms or cars for customers.
2. Agent Role
A user with the Agent role can book hotel rooms and cars but cannot
create/modify hotel information.

Based on the role, the user will be allowed or denied access to
the Car booking system from the HRS system. If the user has signed
in as an Agent, he will also be signed in to the Car booking system and
will be able to book a car, while Admin users will not have
access to the Car booking system.
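
The role rules above can be expressed as a deny-by-default check over the role principals on an authenticated JAAS Subject. The following is an added example, not code from the HRS sample or from Oracle's provider: it uses only the standard javax.security.auth classes, and the class, action and method names (HrsRoleCheck, Action, RolePrincipal, require, subjectWithRole) are hypothetical. It assumes Java 16 or later, and that login has already completed and attached the role to the Subject.

```java
import java.security.Principal;
import java.util.EnumSet;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;

public class HrsRoleCheck {
    // Hypothetical names for the HRS functions the page describes.
    enum Action { MODIFY_HOTEL_INFO, BOOK_HOTEL_ROOM, BOOK_CAR }

    // Role principal, as a login module would attach it to the Subject on successful login.
    record RolePrincipal(String name) implements Principal {
        @Override public String getName() { return name; }
    }

    // Grants per role, following the page. Anything not listed is denied.
    static final Map<String, Set<Action>> GRANTS = Map.of(
        "Admin", EnumSet.of(Action.MODIFY_HOTEL_INFO),
        "Agent", EnumSet.of(Action.BOOK_HOTEL_ROOM, Action.BOOK_CAR));

    static boolean isAllowed(Subject subject, Action action) {
        if (subject == null) return false;               // not authenticated
        for (RolePrincipal role : subject.getPrincipals(RolePrincipal.class)) {
            if (GRANTS.getOrDefault(role.getName(), Set.of()).contains(action)) return true;
        }
        return false;                                    // no role, or unknown role
    }

    // Guard to call at the top of each protected operation.
    static void require(Subject subject, Action action) {
        if (!isAllowed(subject, action)) throw new SecurityException("denied: " + action);
    }

    static Subject subjectWithRole(String role) {        // stands in for a completed JAAS login
        Subject s = new Subject();
        s.getPrincipals().add(new RolePrincipal(role));
        s.setReadOnly();                                 // roles cannot be added after login
        return s;
    }

    public static void main(String[] args) {
        Subject admin = subjectWithRole("Admin"), agent = subjectWithRole("Agent");
        for (Action a : Action.values())
            System.out.printf("%-18s Admin=%-5b Agent=%b%n", a, isAllowed(admin, a), isAllowed(agent, a));
        require(agent, Action.BOOK_CAR);                 // Agent may enter the Car booking system
        try { require(admin, Action.BOOK_CAR); }         // Admin is refused
        catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

Placing the check on the server side of each operation, rather than only hiding the Car booking link from Admin users, keeps the restriction in force when a request is sent directly.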