
I am hosting a Java web service on an AIX Unix box using JBoss.

Some of the web methods browse the Unix file structure (i.e., GetDirectoryFiles returns all files for the directory path passed in).

I want to integrate this with the Unix security so that the caller would pass in a username/password at the session level and they would be limited to what files/directories they have access to based on that username/password integrated with the server users.

For instance, if the server has a user with their home directory set to /home/me and they are unable to browse out of their home directory, the web service would only allow the same with regards to the method calls. They could call '/home/me/dir' but not '/home/notme/dir' (would throw an access denied exception).

How would I go about doing this?

  • Note that a naive implementation would allow a full-speed brute-force dictionary attack on the server. Commented Jan 14, 2014 at 21:29

1 Answer


The issue you are going to have is that the JBoss process is already running as a specific user, and therefore anything done by a thread within that process will run under that user's permissions.

The simplest approach, I believe, would be to launch a new process as a different user to complete the Unix part of each of your web methods, using Runtime.getRuntime().exec(...) - see this question.


1 Comment

The solution doesn't really work in my case, but the answer does lay out the problem.
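
The approach from the answer, as an added example that is not code from the original post: the listing runs in a child process under the caller's account, so the operating system's own permission checks decide what is visible. It assumes the caller has already been authenticated, that `sudo` is installed on the box, and that a sudoers rule lets the JBoss service account run `/bin/ls` as the target users without a password; `AsUserLister` and its methods are hypothetical names.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.AccessDeniedException;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

public class AsUserLister {
    // Conservative account-name pattern (assumption); it also rejects names
    // starting with '-' that sudo could read as an option.
    private static final Pattern USER = Pattern.compile("[a-z_][a-z0-9_]{0,31}");

    /** Builds the argument vector. No shell is involved, so nothing in the path is interpreted. */
    static List<String> buildCommand(String user, String dir) {
        if (!USER.matcher(user).matches()) throw new IllegalArgumentException("invalid user name");
        String path = Paths.get(dir).normalize().toString(); // collapses "." and ".."
        if (!path.startsWith("/")) throw new IllegalArgumentException("absolute path required");
        // -n: fail instead of prompting; -u: target account; --: end of sudo options.
        return Arrays.asList("sudo", "-n", "-u", user, "--", "/bin/ls", "-A", path);
    }

    /** Lists dir as the given user; the OS, not the web service, enforces access. */
    static List<String> list(String user, String dir) throws IOException, InterruptedException {
        Process p = new ProcessBuilder(buildCommand(user, dir))
                .redirectErrorStream(true) // one stream to drain, so the child cannot block
                .start();
        p.getOutputStream().close();       // the child gets no stdin
        List<String> names = new ArrayList<>();
        try (BufferedReader r = new BufferedReader(
                new InputStreamReader(p.getInputStream(), StandardCharsets.UTF_8))) {
            for (String line; (line = r.readLine()) != null; ) names.add(line);
        }
        if (p.waitFor() != 0) {
            // Permission denied, no such directory, or no matching sudoers rule.
            throw new AccessDeniedException(dir);
        }
        return names;
    }

    public static void main(String[] args) throws Exception {
        // Constructed values taken from the question's example paths.
        System.out.println(list("me", "/home/me/dir"));
    }
}
```

Verifying the supplied username and password is outside this sketch; as the comment on the question points out, that step needs throttling of failed attempts.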
