aspose file tools*
The moose likes Spring and the fly likes Security RBAC Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Security RBAC" Watch "Security RBAC" New topic
Author

Security RBAC

Stephane Clinckart
Ranch Hand

Joined: Oct 21, 2003
Posts: 89
Hi,

I would like to know if Spring security provide an esay way to integrate security based on a RBAC model.

- Where are stored the groups?
- Is it possible to add groups dynamicly?
- Is it possible to have "system" users?
- Where are the users stored?
- Is it possible to add users dynamicly?

If I want to secure my "datas"... with a RBAC model... what is provided by Spring Security?

How easy is it to have security based on a calendar?
--> Permission X is provided to user Y from 10 till 20 of june by exemple?

How easy is it to implement permission delegation?
--> User X has permission a, b, c and what to delegate permission c to user Y during his hollidays (from 10 to 20 of july by exemple).

Is Spring Security the right framework to achieve this kind of problems?

If yes... could you spot some samples on the net?
--> Are that kind of problems explained in your book?

Thanks a lot.

Stephane Clinckart
Peter Mularien
Author
Ranch Hand

Joined: Sep 06, 2007
Posts: 84
Hello Stephane,

Lots of questions - I'm not sure I can answer them all directly, since a lot depends on the particular implementation constraints that you have.

In general, the part of Spring Security that you'd look to in order to implement this type of functionality is the ACL module. This module is covered in Chapter 7 of the book, although really it's complex enough (and real-world examples are typically even more so) that you could probably write hundreds of pages on ACL implementations and extensions alone. For example, much of what you describe comes out of the box, but things like the calendar-based permissions do not, and to implement this, you'd need to be comfortable enough with the Spring Sec ACL implementation to extend it to provide this functionality.

I hope that answers your question!

Best,
Peter


Author, Spring Security 3 (the Book), Packt Publishing, 2010
SCJP, OCP
Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8898

Can you please tell me what is RBAC model ?


Groovy
Stephane Clinckart
Ranch Hand

Joined: Oct 21, 2003
Posts: 89
Pradeep bhatt wrote:Can you please tell me what is RBAC model ?


Have a look to this definition: http://en.wikipedia.org/wiki/Role-based_access_control

It will be more comprehensible than my explainations ;-)
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Security RBAC
 
Similar Threads
RBAC - Role-Based Access Control
Returning A List Of Variables From A Folder Of Documents And Returning Them Into A New Document
Axis2 - Unable to engage rampart
Spring 2.5 Aspect Oriented Programming
Spring security framework with fine grained permissions