We implement a new Enterprise Application on EE6 and JSF2.0. Is there a good ACL security framework available which we can integrate in our application? Acegi looks good but we didn´t use the Spring framework. I´ve seen some other frameworks but nothing seems to fit our requirements. Perhaps there is another security mechanism we can use? Our security model uses roles. Each role has a different set of access rights (view, edit, create,...). The roles could be assigned to objects.
The object "Adress" is visible for each users that are members of the role Admin.
The object "Adress" can be edited by each users of the role Supervisor.