< Day Day Up > |
The Java 2 access-control model is centered on the concept of CodeSource . Permissions are granted based on the URL location from which the code is coming and the entities that certify the origin of the code through their digital signatures. In a multitier architecture, however, this is often insufficient. Access-control decisions in a J2EE environment need to take into account the user who runs the code too. In Chapter 9 we see how JAAS extends and complements the access-control model presented in this chapter so that user information can have a role in access-control decisions. |
< Day Day Up > |