
How to implement it with Acegi?

Greenhorn
Posts: 2
Our application has the following architecture:
We have a large number of users and services.
Each user may have the following authorities for each service:
view, edit, delete ... (custom).

The task is to do this with Acegi (Spring Security) without the application failing under a large number of users, because if the application stores all authorities for all services for each logged-in user in memory, that is not a good idea.

I have read the Acegi Reference to understand how to implement this so that, when a concrete user accesses a concrete service, the granted authorities (view, edit, delete ...) are checked in the database.

After investigating the Chapter 21 (Secure Object Implementations) approach, I understood that this approach is role-based, but in my case it is not possible to have roles.

I have also looked at Chapter 22, Domain Object Security (ACL), but there we find the following:

Instead, security decisions need to comprise both who
(Authentication), where (MethodInvocation) and what (SomeDomainObject). In other words, authorization
decisions also need to consider the actual domain object instance subject of a method invocation.


So, as I understand it, the ACL approach exists in order to distinguish access to objects of the same class for different users, but I have different objects of different classes, i.e. services, so, as I understand, I cannot use this approach.

I have also looked at this IBM article:
http://www-128.ibm.com/developerworks/java/library/j-acegi3/?S_TACT=105AGX02&S_CMP=ART

They write that I may hook an interceptor onto my object.
As I understand it, I may hook an interceptor onto each of my services and check permissions (view, edit, delete ...) in the database on each invocation. Would that be right, or what approach should I use?

Or maybe I should consider using another framework?

Thanks,
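One way to get the per-invocation, database-backed check the post describes without building a per-user authority list in memory is a custom AccessDecisionVoter plugged into the MethodSecurityInterceptor. The voter below is an added example written for this thread, not code from the original post or from the Acegi project. It assumes the Acegi 1.0.x API (ConfigAttributeDefinition.getConfigAttributes() returning an Iterator), a hypothetical attribute prefix SERVICE_PERM_ followed by the action name, and a hypothetical ServicePermissionDao that does one indexed (user, service, action) lookup in the database; the interceptor, decision manager and attribute names are wired in the Spring XML as usual.

```java
import java.util.Iterator;

import org.acegisecurity.Authentication;
import org.acegisecurity.ConfigAttribute;
import org.acegisecurity.ConfigAttributeDefinition;
import org.acegisecurity.vote.AccessDecisionVoter;
import org.aopalliance.intercept.MethodInvocation;

/**
 * Votes on a service method invocation by asking the database whether the
 * current user holds the named permission (view, edit, delete, ...) on the
 * invoked service. Nothing is cached per user, so memory use does not grow
 * with the number of logged-in users; the cost is one DB lookup per call.
 *
 * Assumed wiring (not shown): register this voter with the AffirmativeBased
 * AccessDecisionManager used by the MethodSecurityInterceptor and mark service
 * methods in its objectDefinitionSource with attributes such as
 * SERVICE_PERM_delete. Attribute naming and the DAO are hypothetical.
 */
public class ServicePermissionVoter implements AccessDecisionVoter {

    /** Hypothetical attribute prefix; the suffix is the action to check. */
    public static final String PREFIX = "SERVICE_PERM_";

    /** Hypothetical DAO: a single lookup of (user, service, action) in the DB. */
    public interface ServicePermissionDao {
        boolean hasPermission(String username, String serviceName, String action);
    }

    private final ServicePermissionDao dao;

    public ServicePermissionVoter(ServicePermissionDao dao) {
        this.dao = dao;
    }

    public boolean supports(ConfigAttribute attribute) {
        String value = attribute.getAttribute();
        return value != null && value.startsWith(PREFIX);
    }

    public boolean supports(Class clazz) {
        // Only method invocations carry a service to check; abstain on anything else.
        return MethodInvocation.class.isAssignableFrom(clazz);
    }

    public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
        if (authentication == null || !(object instanceof MethodInvocation)) {
            return ACCESS_ABSTAIN;
        }
        MethodInvocation mi = (MethodInvocation) object;

        // Identify the service by the target object's class (falls back to the
        // declaring class of the method when the target is unavailable).
        Object target = mi.getThis();
        Class serviceClass = (target != null) ? target.getClass() : mi.getMethod().getDeclaringClass();
        String serviceName = serviceClass.getName();
        String username = authentication.getName();

        int result = ACCESS_ABSTAIN;
        for (Iterator it = config.getConfigAttributes(); it.hasNext();) {
            ConfigAttribute attribute = (ConfigAttribute) it.next();
            if (!supports(attribute)) {
                continue; // leave ROLE_* and other voters' attributes alone
            }
            String action = attribute.getAttribute().substring(PREFIX.length());
            // Once a matching attribute is found the default is DENIED; grant
            // only on a positive answer from the database for this very call.
            result = ACCESS_DENIED;
            if (dao.hasPermission(username, serviceName, action)) {
                return ACCESS_GRANTED;
            }
        }
        return result;
    }
}
```

With this in place a method entry in the objectDefinitionSource such as `com.example.DocumentService.delete=SERVICE_PERM_delete` causes the database to be consulted at the moment the method is called and for that user only, which is the behaviour the post asks about; keep allowIfAllAbstainDecisions set to false on the decision manager so that a service method without a permission attribute is not silently allowed.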