DBPrism Servlet Engine
Slide 7 of 25
Notes

Application context allows you to write applications which draw upon certain aspects of a user's session information. It provides a way to define, set, and access attributes that an application can use to enforce access control--specifically, fine-grained access control.

Most applications contain information about the basis on which access is to be limited. In an order entry application, for example, customers would be limited to access their own orders (ORDER_NUMBER) and customer number (CUSTOMER_NUMBER). These can be used as security attributes.

Consider a user running a Human Resource application. Part of the application's initialization process is to determine the kind of responsibility that the user can assume, based on the user's identity. This responsibility ID becomes part of the Human Resource application context; it will affect which data the user can access throughout the session.

next in this section DBPrism CMS Security Model

This work is licensed under a Creative Commons License . Creative Commons License
(C) 1999-2008 - DBPrism ~ DBPrism CMS | Marcelo F. Ochoa | TANDIL ~ Argentina | 2008-10-07T20:17:51
DBPrism at SourceForgeBuilt with Cocoon2