Geek Answers Handbook

Is there any Spring-Security-based off-the-shelf security package for Java?

I am developing a security subsystem for a new product. The system requires the following:

  • Complex user / group / permissions model, both service level and domain level (ACL)
  • Administration user interface for the above
  • Rules that are executed during user actions (the account is disabled when the login fails, password complexity requirements, etc.).

Before going ahead and implementing most of the features that Spring Security (2.x) lacks, I was wondering if anyone is familiar and can he recommend a package that can already implement / support these requirements? ideally JAR + WAR, which can be dropped into the project and maintain everything ready.

thanks

+6
java spring spring-security
source share
2 answers

Not exactly what you are looking for, but you might be interested in checking out jSecurity . This is a well-designed security system that handles authentication, authorization, and small permissions. But from what I can collect, like Spring Security , they try not to make assumptions about how this data is stored and organized. (I did not find, for example, a reference implementation for the user, roles, permissions, etc. in the database.)

Note that the JSecurity project is constantly moving to the Apache Software Foundation and is now known as the project

+1
source share

Interestingly, you asked, I also have a very similar requirement, and I have been looking for this for a while. I gave up and started doing it myself and made decent progress over the past 2 weeks. Currently, I have support for domain identifiers, which are not necessarily Long, can be anything, for example, a wild-card string to indicate a group of things that can be provided to the authority (ROLE, GROUP, USER) or String identifier or even along. You can define several types of permissions, each with their or permission sets, and these types of permissions can be assigned as supported by the protected object, and the instances will be protected by them, so you do not have a limit on a maximum of 32 possible permissions through the system. You can also use any actual or virtual objects in the ACL configuration. All of this is based on Spring's new (3.0.0.R1) security with support for method expressions, and it works pretty well. All of this uses hibernation, so you can use transparent persistence and distributed caching. There are many rough edges, but as proof of the concept, it was expected. In any case, let me know if you are interested, and we could work together to make this useful for us and, possibly, for others.

0
source share

More articles:


All Articles