aspose file tools*
The moose likes Spring and the fly likes Java based security framework for a category scoped permission design Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Java based security framework for a category scoped permission design" Watch "Java based security framework for a category scoped permission design" New topic
Author

Java based security framework for a category scoped permission design

Dk Bose
Greenhorn

Joined: Jul 11, 2011
Posts: 3
I have a pretty complex requirement for the permissions framework for my application where we have users and groups(of users). Users can be associated with multiple groups with relationships like Group Lead, Group Member, Group Guest. A user can be associated to his subordinate users i.e the one's who reports to him.
Now I have permissions such that each permission can have multiple scopes like "Create a report template" is a permission that can have scopes like "for groups that I lead", "for groups that I am member of", "groups I am guest of", "for users who report to me". The permission can be checked for none or all of the above categories for a user.

My security service cannot be applied at the controller layer as my client can be a GWT widget that directly uses the Java service. So I need to apply the security at the Java service level preferably using annotation based security like the one Spring Security provides as I do not intend to write security codes inside my service methods.

My research on Spring Security ACL has not been able to fit my requirements as I did not find the interfaces flexible enough to accommodate my needs or maybe there is something that I am missing.
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
Check out the Apache Shiro project. I think it's based on a Java API, not on annotations, though.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Java based security framework for a category scoped permission design