I'm not sure if many people have ever bridged this discussion. I work with a number of applications that use a common security model. It's a home-grown security application consisting mainly of EJBs and Read-Only Entity Beans. In it we maintain credentials about a user: username/password, roles, permissions (Create, Read, Update, Delete, Execute), etc.
I am finding that our ACL lookups for security are so expensive that our applications that extend these Security APIs suffer in performance and scalability. I am curious if anyone in the group can point me to a white paper or specification on implementing role-based security in Java for performance and scalability? I feel like we need a different approach to managing advanced level security.
Regards,
Steve