How to implement it with Acegi?

Geek Smiles

Joined: Apr 19, 2008
Posts: 2
Our application has the following architecture:
We have a large number of users and services.
Each user may have the following authorities for each service:
view, edit, delete ... (custom).

The task is to do it with Acegi (Spring Security) and, with a large number of users, not to have an application failure, because if for each logged-in user the application stores all authorities for all services in memory, it is not a good idea.

I have read the Acegi Reference to understand how to implement a check of the granted authorities (view, edit, delete ...) in the database when a concrete user accesses a concrete service.

After investigating the approach of Chapter 21, Secure Object Implementations, I understood that this approach is role-based, but in my case it is not possible to have roles.

Also I have looked at Chapter 22, Domain Object Security (ACL), but there we find the following:

Instead, security decisions need to comprise both who
(Authentication), where (MethodInvocation) and what (SomeDomainObject). In other words, authorization
decisions also need to consider the actual domain object instance subject of a method invocation.

So, as I understand it, we have the ACL approach in order to distinguish access to objects of the same class for different users, but I have different objects of different classes, i.e. services, so, as I understand it, I cannot use this approach.

Also I have looked at an IBM article.

They write that I may hook an interceptor to my object.
As I understand it, I may hook an interceptor for each of my services and check permissions (view, edit, delete ...) in the database each time during invocation. Will that be right, or what approach should I use?

Or maybe I should consider using another framework?
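One way to do the per-invocation check described in the post, as an added example that is not from this thread, the IBM article or Acegi itself: an AOP Alliance interceptor applied to every service bean, which reads the required action from a hypothetical @RequiresPermission annotation and runs one parameterised query against a constructed user_service_permission table on each call, so nothing is held in memory per user. It assumes the Acegi 1.0.x package names (org.acegisecurity.*; Spring Security 2.x renamed them to org.springframework.security.*) and Spring's JdbcTemplate.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Method;
import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import org.acegisecurity.AccessDeniedException;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationCredentialsNotFoundException;
import org.acegisecurity.context.SecurityContextHolder;
import org.springframework.jdbc.core.JdbcTemplate;

/** Checks (user, service, action) against the database on every service call. */
public class PermissionInterceptor implements MethodInterceptor {

    /** Hypothetical annotation: the action a service method needs ("view", "edit", "delete", ...). */
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    public @interface RequiresPermission { String value(); }

    private final JdbcTemplate jdbc;

    public PermissionInterceptor(JdbcTemplate jdbc) { this.jdbc = jdbc; }

    public Object invoke(MethodInvocation invocation) throws Throwable {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) {
            throw new AuthenticationCredentialsNotFoundException("no authenticated user in the security context");
        }
        Method method = invocation.getMethod();
        RequiresPermission required = method.getAnnotation(RequiresPermission.class);
        if (required == null) {
            // Fail closed: an unannotated method on a secured service is a configuration error, not a free pass.
            throw new AccessDeniedException("no permission declared for " + method);
        }
        String service = method.getDeclaringClass().getName();
        if (!isGranted(auth.getName(), service, required.value())) {
            throw new AccessDeniedException(auth.getName() + " may not " + required.value() + " " + service);
        }
        return invocation.proceed();
    }

    /** One parameterised query per call (constructed table name); the user name never reaches the SQL text. */
    boolean isGranted(String principal, String service, String action) {
        int rows = jdbc.queryForInt(
            "SELECT COUNT(*) FROM user_service_permission WHERE username = ? AND service = ? AND action = ?",
            new Object[] { principal, service, action });
        return rows > 0;
    }
}
```

Wire it with a BeanNameAutoProxyCreator (or a ProxyFactoryBean per service) so every service bean is proxied; if the per-call query becomes too expensive, add a small time-bounded cache in isGranted rather than loading all of a user's authorities at login.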
