• Authorization is the process that controls the access rights of principals to system resources; the principals requesting access can be:
    – Users
    – Processes
    – Machines
  • The main goal of authorization is to provide the information security attributes, i.e., Confidentiality, Integrity and Availability (CIA)
  • In Java, authorization is implemented through JAAS (Java Authentication and Authorization Service), which determines the purview of rights granted to an authenticated user

Introduction to Authorization (Cont’d)

  • It is the process of defining access policies for confidential resources
  • Authorization answers “who is executing the code”, “where does the code reside” and “who is the owner of the code”
  1. Define roles for users
  2. Map the security roles of the application to the roles defined in the memory realm
  3. Define the resource and HTTP method constraints for the application in the web.xml file
  4. Apply the constraints so that each resource is accessible only by its permitted role(s)
  5. Check that the user is authenticated to the application
  6. Allow the server to process the request once the details are verified
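The declarative form of steps 1 to 6 for a servlet container such as Tomcat, as an added example that is not part of the original slides: the realm file maps users to roles (steps 1 and 2), and the web.xml security-constraint ties a URL pattern and HTTP methods to a role and selects the authentication method (steps 3 to 5); the container then enforces the constraint before the request reaches the application (step 6). The role name `admin`, the URL pattern `/admin/*`, the user entries and the login page paths are assumed values.

```xml
<!-- File 1: conf/tomcat-users.xml (memory realm). Constructed sample users. -->
<tomcat-users>
  <role rolename="admin"/>
  <role rolename="user"/>
  <user username="alice" password="REPLACE_WITH_ALICE_PASSWORD" roles="admin,user"/>
  <user username="bob"   password="REPLACE_WITH_BOB_PASSWORD"   roles="user"/>
</tomcat-users>

<!-- File 2: WEB-INF/web.xml (Servlet 3.1 schema, so deny-uncovered-http-methods is available). -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                             http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1_0.xsd"
         version="3.1">

  <!-- Step 3: resource + HTTP method constraints. Listing methods explicitly
       means any method NOT listed (HEAD, PUT, DELETE, ...) is uncovered and
       would otherwise be allowed through; the element below closes that gap. -->
  <deny-uncovered-http-methods/>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin area</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <!-- Step 4: only principals holding the admin role may reach /admin/* -->
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
    <!-- Credentials and session cookie travel only over TLS -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Step 5: container-managed authentication; unauthenticated requests to a
       constrained resource are redirected to the login page first. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/login-error.html</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Step 2: declare the application role that the realm's "admin" maps to -->
  <security-role>
    <role-name>admin</role-name>
  </security-role>
</web-app>
```

A quick check after deployment: an unauthenticated request to `/admin/` should receive the login page, and a request authenticated as `bob` (role `user` only) should receive HTTP 403 rather than the resource.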