How to implement it with Acegi?

 
Greenhorn
Posts: 2
Our application has the following architecture:
We have a large number of users and services.
Each user may have the following authorities for each service:
view, edit, delete ... (custom).

The task is to do this with Acegi (Spring Security) without the application failing under a large number of users, because if the application stores all authorities for all services in memory for each logged-in user, that is not a good idea.

I have read the Acegi Reference to understand how to implement a check in the database of the granted authorities (view, edit, delete ...) when a specific user accesses a specific service.

After investigating the approach in Chapter 21, Secure Object Implementations, I understood that this approach is role-based, but in my case it is not possible to have roles.

I have also looked at Chapter 22, Domain Object Security (ACL), but there we find the following:

    Instead, security decisions need to comprise both who (Authentication), where (MethodInvocation) and what (SomeDomainObject). In other words, authorization decisions also need to consider the actual domain object instance subject of a method invocation.


So, as I understand it, the ACL approach exists in order to distinguish access to objects of the same class for different users, but I have different objects of different classes, i.e. services, so, as I understand, I cannot use this approach.

I have also looked at this IBM article:
http://www-128.ibm.com/developerworks/java/library/j-acegi3/?S_TACT=105AGX02&S_CMP=ART

They write that I may hook an interceptor to my object.
As I understand it, I may hook an interceptor for each of my services and check permissions (view, edit, delete ...) in the database on each invocation. Is that right, or what approach should I use?

Or maybe I should consider using another framework?

Thanks,
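One way to realise the per-invocation check described in the post, given here as an added example that is not from the original thread, the Acegi project or the IBM article: a custom `AccessDecisionVoter` that, each time a secured service method is invoked, asks a permission store whether the current user holds the required permission on the service declaring that method. Nothing is cached per session, so memory does not grow with the number of logged-in users. The example assumes the Acegi 1.0.x API (`org.acegisecurity.*`, `ConfigAttributeDefinition.getConfigAttributes()` returning an `Iterator`), a hypothetical `ServicePermissionDao` lookup interface, and a constructed in-memory map that stands in for the database table.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

import org.aopalliance.intercept.MethodInvocation;
import org.acegisecurity.Authentication;
import org.acegisecurity.ConfigAttribute;
import org.acegisecurity.ConfigAttributeDefinition;
import org.acegisecurity.vote.AccessDecisionVoter;

/**
 * Voter that checks, on every method invocation, whether the current user holds
 * the required permission (view, edit, delete, ...) on the invoked service.
 * Config attributes handled by this voter look like PERM_VIEW, PERM_EDIT, ...
 */
public class ServicePermissionVoter implements AccessDecisionVoter {

    private static final String PREFIX = "PERM_";

    /** Hypothetical lookup abstraction; a real implementation issues one SQL query. */
    public interface ServicePermissionDao {
        boolean hasPermission(String username, String serviceName, String permission);
    }

    private final ServicePermissionDao dao;

    public ServicePermissionVoter(ServicePermissionDao dao) {
        this.dao = dao;
    }

    public boolean supports(ConfigAttribute attribute) {
        return attribute.getAttribute() != null && attribute.getAttribute().startsWith(PREFIX);
    }

    public boolean supports(Class clazz) {
        // Only method invocations carry the "which service" information we need.
        return MethodInvocation.class.isAssignableFrom(clazz);
    }

    public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
        if (authentication == null || !authentication.isAuthenticated()) {
            return ACCESS_DENIED; // fail closed for unauthenticated callers
        }
        MethodInvocation invocation = (MethodInvocation) object;
        // The "service" is the interface or class that declares the intercepted method.
        String service = invocation.getMethod().getDeclaringClass().getName();
        String user = authentication.getName();

        int result = ACCESS_ABSTAIN; // abstain if no PERM_ attribute applies here
        for (Iterator it = config.getConfigAttributes(); it.hasNext();) {
            ConfigAttribute attr = (ConfigAttribute) it.next();
            if (!supports(attr)) {
                continue;
            }
            String permission = attr.getAttribute().substring(PREFIX.length()).toLowerCase();
            // One lookup per required permission, performed at invocation time.
            if (!dao.hasPermission(user, service, permission)) {
                return ACCESS_DENIED; // every required permission must be present
            }
            result = ACCESS_GRANTED;
        }
        return result;
    }

    /** Constructed in-memory stand-in for the permission table, only for running the example. */
    public static class InMemoryPermissionDao implements ServicePermissionDao {
        private final Map<String, Set<String>> grants = new HashMap<String, Set<String>>();

        public void grant(String user, String service, String permission) {
            String key = user + "|" + service;
            Set<String> perms = grants.get(key);
            if (perms == null) {
                perms = new HashSet<String>();
                grants.put(key, perms);
            }
            perms.add(permission);
        }

        public boolean hasPermission(String user, String service, String permission) {
            Set<String> perms = grants.get(user + "|" + service);
            return perms != null && perms.contains(permission);
        }
    }
}
```

To use it, register the voter with the `AffirmativeBased` (or `UnanimousBased`) decision manager that the `MethodSecurityInterceptor` consults, and map each service method to its attribute in the interceptor's `objectDefinitionSource`, for instance `com.example.DocumentService.load=PERM_VIEW` and `com.example.DocumentService.remove=PERM_DELETE`. Because the voter abstains when no `PERM_` attribute is configured, leaving the decision manager's `allowIfAllAbstainDecisions` at its default of `false` makes unconfigured methods fail closed rather than open.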