HELP with security requirements
I've been working with J2EE for a while and now I am facing a requirement I assume J2EE can face, but I would like some professional orientation.
I'm developing a financial system, Web & server, using GlassFish. The requirement I have is that "any system service", as I call the operations accessible from the client (web app), should be permission secured; that means that for each User or Role, I should be able to configure which system services it can access (at least) or, more in depth, which level of security it has.
Roles are not fixed, the sysadmin should be able to configure any Role, and assign to it any User, what is fixed are the system services. The permissions to each role for system service access should be configurable.
I hope the explanation is understandable,
Can anyone help me in order to assume this is possible with GlassFish, and where could I read something nearly close to what I need (I've read the JEE tutorial, and a bunch of papers on security in the EJB and Web tier, but none provides information for my requirement)?