Abstract
The Java Data Objects specification is designed as lightweight persistence approach. Thus, JDO neither supports user authentication nor role-based authorization. Consequently, users are able to query the entire data store as well as to delete persistent objects without any restriction. The novel security approach JDOSecure was developed at the University of Mannheim to prevent unauthorized access to the data store while using the JDO API. Based on the dynamic proxy approach, JDOSecure introduces role-based permissions to JDO-based applications. In this paper we focuses on how JDOSecure enables Java Data Objects-based applications to deal with role-based permissions.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Blosser, J.: Explore the Dynamic Proxy API (2000), http://java.sun.com/developer/technicalArticles/DataTypes/proxy/
Gamma, E., Helm, R., Johnson, R., Vlissides, J.: Design Patterns, Elements of Reusable Object-Oriented Software, 1st edn. Addison-Wesley Longman Publishing Co. Inc., Boston (1995)
Gong, L.: Java 2 Platform Security Architecture (2002), http://java.sun.com/j2se/1.4.2/docs/guide/security/spec/security-spec.doc.html
Java Community Process. JSR-153: Enterprise JavaBeans 2.1 (2003)
Java Community Process. JSR-012: Java Data Objects (JDO) Specification, Maintenance Draft Review (2004)
Korthaus, A., Merz, M.: A Critical Analysis of JDO in the Context of J2EE. In: Ban, A.-A., Arabnia, H.R., Youngsong, M. (eds.) Proceedings of the 2003 International Conference on Software Engineering Research and Practice (SERP 2003), vol. 1, pp. 34–40. CSREA Press (2003)
Merz, M.: Using the Dynamic Proxy Approach to Introduce Role-Based Security to Java Data Objects. In: Eighteenth International Conference on Software Engineering and Knowledge Engineering (SEKE 2006), San Francisco, USA, July 5-7 (2006)
Sun Microsystems. The Java Language Specification, 3rd edn. Addison-Wesley Professional (2005)
TheServerSide.COM. Craig Russell Responds to Roger Sessions’ Critique of JDO (2001), http://www.theserverside.com/articles/article.tss?l=RusselvsSessions
TheServerSide.COM. A Criticism of Java Data Objects (JDO) (2003), http://www.theserverside.com/news/thread.tss?thread_id=8571
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Merz, M., Aleksy, M. (2006). Using JDOSecure to Introduce Role-Based Permissions to Java Data Objects-Based Applications. In: Bressan, S., Küng, J., Wagner, R. (eds) Database and Expert Systems Applications. DEXA 2006. Lecture Notes in Computer Science, vol 4080. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11827405_44
Download citation
DOI: https://doi.org/10.1007/11827405_44
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-37871-6
Online ISBN: 978-3-540-37872-3
eBook Packages: Computer ScienceComputer Science (R0)