This week's book giveaway is in the Performance forum.
We're giving away four copies of The Java Performance Companion and have Charlie Hunt, Monica Beckwith, Poonam Parhar, & Bengt Rutisson on-line!
See this thread for details.
Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Security RBAC

 
Stephane Clinckart
Ranch Hand
Posts: 89
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I would like to know if Spring security provide an esay way to integrate security based on a RBAC model.

- Where are stored the groups?
- Is it possible to add groups dynamicly?
- Is it possible to have "system" users?
- Where are the users stored?
- Is it possible to add users dynamicly?

If I want to secure my "datas"... with a RBAC model... what is provided by Spring Security?

How easy is it to have security based on a calendar?
--> Permission X is provided to user Y from 10 till 20 of june by exemple?

How easy is it to implement permission delegation?
--> User X has permission a, b, c and what to delegate permission c to user Y during his hollidays (from 10 to 20 of july by exemple).

Is Spring Security the right framework to achieve this kind of problems?

If yes... could you spot some samples on the net?
--> Are that kind of problems explained in your book?

Thanks a lot.

Stephane Clinckart
 
Peter Mularien
Author
Ranch Hand
Posts: 84
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello Stephane,

Lots of questions - I'm not sure I can answer them all directly, since a lot depends on the particular implementation constraints that you have.

In general, the part of Spring Security that you'd look to in order to implement this type of functionality is the ACL module. This module is covered in Chapter 7 of the book, although really it's complex enough (and real-world examples are typically even more so) that you could probably write hundreds of pages on ACL implementations and extensions alone. For example, much of what you describe comes out of the box, but things like the calendar-based permissions do not, and to implement this, you'd need to be comfortable enough with the Spring Sec ACL implementation to extend it to provide this functionality.

I hope that answers your question!

Best,
Peter
 
Pradeep bhatt
Ranch Hand
Posts: 8927
Firefox Browser Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can you please tell me what is RBAC model ?
 
Stephane Clinckart
Ranch Hand
Posts: 89
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Pradeep bhatt wrote:Can you please tell me what is RBAC model ?


Have a look to this definition: http://en.wikipedia.org/wiki/Role-based_access_control

It will be more comprehensible than my explainations ;-)
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic