Paulo Zenida, Manuel Menezes de Sequeira, Diogo Henriques, Carlos Serrão



This paper proposes Zás, a novel, flexible, and expressive authorization mechanism for Java. Zás has been inspired by Ramnivas Laddad’s proposal to modularize Java Authentication and Authorization Services (JAAS) using an Aspect-Oriented Programming (AOP) approach. Zás’ aims are to be simultaneously very expressive, reusable, and easy to use and configure. Zás allows authorization services to be non-invasively added to existing code. It also cohabits with a wide range of authentication mechanisms. Zás uses Java 5 annotations to specify permission requirements to access controlled resources. These requirements may be changed directly during execution. They may also be calculated by client-supplied permission classes before each access to the corresponding resource. These features, together with several mechanisms for permission propagation, expression of trust relationships, depth of access control, etc., make Zás, we believe, an interesting starting point for further research on the use of AOP for authorization.


  1. AspectJ Team ([April 16th, 2006]). The AspectJ project at Eclipse.org. http://www.eclipse.org/aspectj/.
  2. Clifton, C. and Leavens, G. T. (2002). Spectators and assistants: Enabling modular aspect-oriented reasoning.
  3. Coté, M. ([April 16th, 2006]). JAAS book: Java authentication and authorization. Originally written for publication by Manning, http://www.jaasbook.com/.
  4. Ferraiolo, D. F., Kuhn, D. R., Chandramouli, R., and Barkley, J. ([8th March, 2006]). Role Based Access Control (RBAC). http://csrc.nist.gov/rbac/.
  5. Filman, R. E. and Friedman, D. P. (2005). Aspect-oriented programming is quantification and obliviousness. In Aspect-Oriented Software Development, chapter 2, pages 21-35. Addison-Wesley, Boston, Massachusetts.
  6. Laddad, R. (2003). AspectJ in Action. Manning, Greenwich, Connecticut.
  7. Lai, C., Gong, L., Koved, L., Nadalin, A., and Schemers, R. (1999). User authentication and authorization in the Java™ platform. In Proceedings of the 15th Annual Computer Security Applications Conference, Phoenix, Arizona.
  8. Oaks, S. (2005). Java Security. O'Reilly, 2nd edition.
  9. Recebli, E. A. (2005). Pure aspects. Master's thesis, University of Oxford, Computing Laboratory.
  10. Samar, V. and Lai, C. (1996). Making login services independent of authentication technologies. In Proceedings of the SunSoft Developer's Conference. http://java.sun.com/security/jaas/doc/pam.html.
  11. Sandhu, R., Coyne, E. J., Feinstein, H. L., and Youman, C. E. (1996). Role-based access control models. IEEE Computer, 29(2):38-47.
  12. Sun Microsystems, Inc. ([April 16th, 2006]). Java technology: Security and the Java platform. http://java.sun.com/security/.
  13. Yoder, J. and Barcalow, J. (1997). Architectural patterns for enabling application security. In PLoP'97, Proceedings of the 4th Conference on Patterns Language of Programming.
  14. Zenida, P., Menezes de Sequeira, M., Henriques, D., and Serrão, C. (2006). Zás - Aspect-Oriented Authorization Services (first take). Technical Report CI-2006-01, CI, ISCTE, Lisboa, Portugal. http://ci.iscte.pt/publicacoes/relatorios tecnicos/CI2006-01.pdf.

Paper Citation

in Harvard Style

Zenida P., Menezes de Sequeira M., Henriques D. and Serrão C. (2006). ZÁS - ASPECT-ORIENTED AUTHORIZATION SERVICES. In Proceedings of the First International Conference on Software and Data Technologies - Volume 1: ICSOFT, ISBN 978-972-8865-69-6, pages 46-53. DOI: 10.5220/0001320600460053

in Bibtex Style

author={Paulo Zenida and Manuel Menezes de Sequeira and Diogo Henriques and Carlos Serrão},
booktitle={Proceedings of the First International Conference on Software and Data Technologies - Volume 1: ICSOFT,},

in EndNote Style

JO - Proceedings of the First International Conference on Software and Data Technologies - Volume 1: ICSOFT,
SN - 978-972-8865-69-6
AU - Zenida P.
AU - Menezes de Sequeira M.
AU - Henriques D.
AU - Serrão C.
PY - 2006
SP - 46
EP - 53
DO - 10.5220/0001320600460053