How Is Authorization Enabled?
Run-time authorization is enabled through a parameter in the Security table of the GEN product line database before performing any evaluation. This parameter sets authorization to all access, no access, or to the access specified in the security classes and execution plans. If the record does not exist, all access is granted to all users. Enabling Run-time Authorization
When authorization generation is enabled, the buildprod
utility performs the following tasks:
-
Generates the .java files for execution plans, including the metadata and securable objects to be checked in order to determine the authorization status of a business class or business task. Generating and compiling the authorization plans in advance offers a performance advantage over constructing it on the fly for each object access.
-
Generates logic into the object classes to check authorization before performing an action. This code contains the logic for each rule to be used by the security run-time executor.
-
Compiles the Java code for the classes and the plans.
-
Packages the resulting Java objects into appsec.jar.