Framework how Spring Security for Java EE?

Question

Framework how Spring Security for Java EE?

Spring Security offers many powerful security mechanisms, but is not suitable for the Java EE (EJB) environment. One problem is that Spring Security stores the SecurityContext in a ThreadLocal object, which is not suitable for clusters. Spring Security depends on services (such as AOP) on the Spring core, which are not available if the EJB container is managing the object. And Spring Security needs the Spring core to connect itself, which I would like to avoid, since Java EE already has dependency injection mechanisms.

Is there a security infrastructure specifically designed for Java EE? I would like to have ACLs or more flexible role mechanisms, for example.

+5

java java-ee security spring-security ejb

deamon Feb 11 '10 at 13:53

source share

2 answers

Pascal thivent · Answer 1 · 2010-02-12T01:00:34+0000

If neither the Java EE security model nor Spring Security meets your needs, I’m afraid you will have to deploy your own solution - perhaps a custom JAAS LoginModule - as you will not find something equivalent (at least not in an open world source code, as far as I know). But keep in mind, JAAS is not a very nice API, and it will be a daunting task. Additional resources on this topic in Additional Security Information (see bottom of page).

Jesper tejlgaard · Answer 2 · 2010-05-20T08:43:38+0000

Have you tried Seam Security? It supports ACLs, if I remember correctly.

Framework how Spring Security for Java EE?

More articles: