Enabling declarative security through the use of Java Data Objects

The concept of declarative security allows the separation of security concerns from business logic and enables the development of highly flexible and secure applications. Whereas Hibernate and the Enterprise Java Beans specification provide sufficient authentication and authorization functionalities in the context of object persistence, the Java Data Objects (JDO) specification designed as a lightweight persistence approach doesn’t provide any declarative security capabilities.The novel security approach, JDOSecure, introduces a role-based permission system to the JDO persistence layer, which is based on the Java Authentication and Authorization Service (JAAS). JDOSecure is based on the dynamic proxy approach and ensures the collaboration with any JDO implementation. It comprises a management solution for users, roles, and permissions and allows storing the authentication and authorization information in any arbitrary JDO resource. Furthermore, a Java-based administration utility with a graphical user interface simplifies the maintenance of security privileges and permissions.