Using JDOSecure to introduce role-based permissions to java data objects-based applications

Authors:
Matthias Merz;Markus Aleksy
Affiliations:
Department of Information Systems III, University of Mannheim, Mannheim, Germany;Department of Information Systems III, University of Mannheim, Mannheim, Germany
Venue:
DEXA'06 Proceedings of the 17th international conference on Database and Expert Systems Applications
Year:
2006

Citing 1
Cited 2

Design patterns: elements of reusable object-oriented software

Design patterns: elements of reusable object-oriented software

An improved component model for component based software engineering

ACM SIGSOFT Software Engineering Notes
Enabling declarative security through the use of Java Data Objects

Science of Computer Programming

Quantified Score

Hi-index	0.00

Visualization

Abstract

The Java Data Objects specification is designed as lightweight persistence approach. Thus, JDO neither supports user authentication nor role-based authorization. Consequently, users are able to query the entire data store as well as to delete persistent objects without any restriction. The novel security approach JDOSecure was developed at the University of Mannheim to prevent unauthorized access to the data store while using the JDO API. Based on the dynamic proxy approach, JDOSecure introduces role-based permissions to JDO-based applications. In this paper we focuses on how JDOSecure enables Java Data Objects-based applications to deal with role-based permissions.