
Java based security framework for a category scoped permission design

 
Dk Bose
Greenhorn
Posts: 3
I have a pretty complex requirement for the permissions framework for my application where we have users and groups (of users). Users can be associated with multiple groups with relationships like Group Lead, Group Member, Group Guest. A user can be associated with his subordinate users, i.e. the ones who report to him.
Now I have permissions such that each permission can have multiple scopes like "Create a report template" is a permission that can have scopes like "for groups that I lead", "for groups that I am member of", "groups I am guest of", "for users who report to me". The permission can be checked for none or all of the above categories for a user.

My security service cannot be applied at the controller layer, as my client can be a GWT widget that directly uses the Java service. So I need to apply the security at the Java service level, preferably using annotation-based security like the one Spring Security provides, as I do not intend to write security code inside my service methods.

My research on Spring Security ACL has not been able to fit my requirements as I did not find the interfaces flexible enough to accommodate my needs or maybe there is something that I am missing.
 
Tim Moores
Bartender
Posts: 2749
Check out the Apache Shiro project. I think it's based on a Java API, not on annotations, though.
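
The scoped check described in the question, as an added example that is not part of the original posts and is not Spring Security or Apache Shiro code: a JDK dynamic proxy enforces a hypothetical `@RequiresScoped` annotation at the service layer, so the service method carries no security code. All names and sample data are constructed, and it assumes one relationship per target, with the target passed as the first argument.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.util.*;

public class ScopedPermissionDemo {
    enum Scope { GROUP_LEAD, GROUP_MEMBER, GROUP_GUEST, MANAGER_OF }

    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface RequiresScoped { String permission(); }   // hypothetical annotation
    // grants: scopes in which each permission holds; relations: caller's relationship to each target.
    record Caller(Map<String, Set<Scope>> grants, Map<String, Scope> relations) {}

    interface ReportService {
        @RequiresScoped(permission = "report-template:create")
        String createTemplate(String targetId, String title);
    }
    static class ReportServiceImpl implements ReportService {
        public String createTemplate(String targetId, String title) {
            return "created '" + title + "' for " + targetId;   // business logic only
        }
    }

    static final ThreadLocal<Caller> CURRENT = new ThreadLocal<>();   // set by the authentication layer

    @SuppressWarnings("unchecked")
    static <T> T secure(Class<T> iface, T target) {
        return (T) Proxy.newProxyInstance(iface.getClassLoader(), new Class<?>[]{iface}, (proxy, m, args) -> {
            RequiresScoped req = m.getAnnotation(RequiresScoped.class);
            if (req != null) {
                Caller c = CURRENT.get();   // no caller bound to the thread means deny (fail closed)
                // Assumed convention: the first argument names the group or user being acted on.
                Scope rel = c == null ? null : c.relations().get((String) args[0]);
                Set<Scope> allowed = c == null ? Set.of() : c.grants().getOrDefault(req.permission(), Set.of());
                if (rel == null || !allowed.contains(rel))
                    throw new SecurityException(req.permission() + " denied on " + args[0]);
            }
            try { return m.invoke(target, args); }
            catch (InvocationTargetException e) { throw e.getCause(); }
        });
    }

    public static void main(String[] args) {
        ReportService svc = secure(ReportService.class, new ReportServiceImpl());
        CURRENT.set(new Caller(   // constructed sample: may create templates only where lead or manager
            Map.of("report-template:create", EnumSet.of(Scope.GROUP_LEAD, Scope.MANAGER_OF)),
            Map.of("group:qa", Scope.GROUP_LEAD, "group:ops", Scope.GROUP_GUEST)));
        System.out.println(svc.createTemplate("group:qa", "Weekly"));    // allowed: caller leads group:qa
        try { svc.createTemplate("group:ops", "Weekly"); }               // denied: caller is only a guest
        catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

Because the check lives in the proxy, a GWT client that calls the service directly still passes through it, provided callers are only ever handed the proxied instance.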
 