Stack Overflow
Stack Overflow

Questions tagged [declarative-security]

Declarative security is a syntax that uses attributes to place security information into the metadata of the code.

Declarative security is a syntax that uses to place security information into the of the code. The attributes indicate the type of privileges required by an assembly, a class, or a certain member of the class. The common language runtime retrieves these attributes and informs the runtime security system about the required permissions.

Links:
MSDN article on Declarative Security

9 questions
8
votes
1 answer

Is (isUserInRole()) the easiest way to attach user permissions/security to a JSF button?

I recently developed a tomcat web app in JSP that uses declarative security (server.xml/web.xml) tied to the company's Active Directory. I was asked to add JSF support to the fledgling project. It was a simple matter to convert the login form to…
Jeremy Goodell
  • 18,225
  • 5
  • 35
  • 52
6
votes
1 answer

Java EE declarative security, Cannot load group for JDBC realm user

It is my first post here. I would have two questions with regard to declarative Java EE security: (1) file-based authentication and (2) DB-based authentication. I enclosed the relevant parts of the configuration for both questions. I run the code on…
Tamas
  • 736
  • 2
  • 11
  • 27
4
votes
0 answers

.NET Declarative Security: Why is SecurityAction.Deny impossible to work with?

I've been messing with this for about a day and a half now sifting through .NET reflector and MSDN docs, and can't figure anything out... As it stands in the .NET framework, you can demand that the current Principal belong to a role to be able to…
CodingWithSpike
  • 42,906
  • 18
  • 101
  • 138
2
votes
1 answer

Declarative security on methods in .NET 3.5 - how do I lock down a method's permissions?

I'm using .NET 3.5. Say I have a method that accesses a specific file, and a specific registry key. I want to add declarative security definitions that restrict the method so that it can only access the file and the registry key specified, and…
Fiona - myaccessible.website
  • 14,481
  • 16
  • 82
  • 117
2
votes
0 answers

Java EE declarative security, acquiring reference to a secured bean from application client

On 2 questions I would like to consult you. Background: I have written a test, Java EE application and added declarative security. The application is deployed on Glassfish 3.1. For unit testing I used JUnit with the embedded container for all beans…
Tamas
  • 736
  • 2
  • 11
  • 27
1
vote
1 answer

Authentication type in DD paragraph confusion

Could anyone please tell me why the following paragraph is incorrect: If your deployment descriptor correctly declares an authentication type of BASIC, the container automatically requests a user name and password whenever a user starts a…
Dusk
  • 2,191
  • 6
  • 38
  • 57
0
votes
0 answers

Is there any metadata reader compatible with reflection?

I want to get the declarative security attributes from an assembly. For now i just go through all the types in assembly and all of their members to look for custom attributes that derive from CodeAccessSecurityAttribute. This works kinda fine, but i…
Сергей Гущин
  • 21
  • 1
  • 8
0
votes
1 answer

Unit testing remote EJB bean with security

This question is similar to Java EE declarative security, acquiring reference to a secured bean from application client but is more specific. I can unit test my local beans with the Glassfish embedded container. For the remote beans I have written…
Tamas
  • 736
  • 2
  • 11
  • 27
0
votes
1 answer

Declarative security role name containing asterisk fails to work

I'm having a problem with my declarative security entries in web.xml. The entries below are not allowing me to access the page, even though I am a member of the group *ADL - Education Group. I end up being directed to the login-noauth page. I know…
Jeremy Goodell
  • 18,225
  • 5
  • 35
  • 52