• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Java based security framework for a category scoped permission design

 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have a pretty complex requirement for the permissions framework for my application where we have users and groups(of users). Users can be associated with multiple groups with relationships like Group Lead, Group Member, Group Guest. A user can be associated to his subordinate users i.e the one's who reports to him.
Now I have permissions such that each permission can have multiple scopes like "Create a report template" is a permission that can have scopes like "for groups that I lead", "for groups that I am member of", "groups I am guest of", "for users who report to me". The permission can be checked for none or all of the above categories for a user.

My security service cannot be applied at the controller layer as my client can be a GWT widget that directly uses the Java service. So I need to apply the security at the Java service level preferably using annotation based security like the one Spring Security provides as I do not intend to write security codes inside my service methods.

My research on Spring Security ACL has not been able to fit my requirements as I did not find the interfaces flexible enough to accommodate my needs or maybe there is something that I am missing.
 
Saloon Keeper
Posts: 7585
176
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Check out the Apache Shiro project. I think it's based on a Java API, not on annotations, though.
 
reply
    Bookmark Topic Watch Topic
  • New Topic