This specifies an interface for performing role based access control. User can write an implementation of this interface and configure a server level role service by setting the server property: com.sybase.jaguar.server.roleservice to the URL by which to access the component that implements this interface.
There are 2 accepted forms for the URL.
For example, to set the role check service, set the server level property to com.sybase.jaguar.server.roleservice=Security/RoleService assuming, Security is the name of the Jaguar package that containing a Jaguar component called RoleService that implements this interface.
Components implemented for pseudo component access, must be thread safe. Pseudo components cannot be refreshed. Hence, a server refresh, or refresh of the component using the EAServer Manager, will not have any effect on the refresh of the role service. You must restart the EAServer if there is a need to refresh the role service component. For more information on EAServer Pseudo components, please refer to your EAServer documentation.
For performance, the role service component may be implemented as a pseudo C++ CORBA component.
Checks if the authenticated client is a member of the role. The client's credentials are obtainable from sessionInfo.
boolean isMember
(
in CtsSecurity::SessionInfo si,
in string role
);
The server first performs membership checks and if the user is not a member of the given role, this method is invoked. The server also caches the result from this method for a fixed period of time (before the internal cache is purged of old entries). The fixed time is determined by the server-wide property com.sybase.jaguar.server.authorization.permcachetimeout. The value is specified in seconds. The default value is 2 hours. Hence, this method will not be called very often for the same client/role combination, provided the internal cache has the relevant information.