  Question Asked By: Carolina Lopez   on Sep 30 In Java Category.

Question Answered By: Von Fischer   on Sep 30

Hibernate is just an object-relational persistence framework, I see it as a powerful replacement for entity beans so I don't think it's a good idea to leave the authorization to pass all the way through your application and to be performed by DB, I guess this would be an invitation for hackers to your system. Although J2EE integrates to legacy (third-party systems) very well, that would require further support by those systems but I don't see you are taking that approach.

I guess what you can do is:

As the user logs into the system, (after authentication) you can create an end-to-end session with user and DB (this needs more discussion); this would be the end of authentication.

From that moment onwards you authorize the user to perform certain actions (inserting objects into the DB, etc.)

My answer to your question here is, do this either declaratively OR, as you are using JAAS, you can get the benefit of isolating your secure system from the underlying security infrastructure which in your case would be Oracle. You may end up writing some code. I'd say, for more information to see how you can do this, please refer to JAAS and writing LoginModule. (This can be done as part of pre-business logic filters + some part if done by the containers too)

It's not a good practice to leave the authentication or authorization to domain objects or persistence layer.
