[jboss-dev-forums] [Design of Security on JBoss] - Re: Bringing together an unified security view

anil.saldhana@jboss.com do-not-reply at jboss.com
Tue Oct 23 11:42:16 EDT 2007 

Instance Based ACL Implementation
I talked to Scott about Seam Security and the instance based security that is important for Non-AS projects like Drools, Portal, jBPM and Seam. 


There are two prominent projects that have tried to solve instance based security:

1)  OSAccess from OpenSymphony [1] through [3]   (A dead project now)
2)  Acegi Security for Spring  [4]

I also point you to an article on IBM Developer Works for differences between container authorization (typically RBAC) and  Data Driven Authorization (Instance Based).

What we will provide:
A simple library that does a mapping between roles structure (groups, nested roles etc)  and instance based crud (bits representing CRUD). The key here is to keep it simple and fast. The library can have pluggable implementation strategies like hibernate, ldap, cache whatever.

Integration for Drools, jBPM, Portal etc:
Scott feels that they should integrate via Seam (same opinion from Proctor) because Seam is AS agnostic.  They can integrate with JBoss Security to play nice with JBAS.  Seam can then make use of the ACL implementation to provide other integration faces to different containers (WS, WL etc).

References:
OSAccess
[1] http://wiki.opensymphony.com/display/OS/OSAccess
[2] https://osaccess.dev.java.net/
[3]http://osdir.com/ml/java.open-symphony.devel/2002-07/msg00035.html    (Note: Steve Ebersole in the mail)

Acegi Security For Spring
[4] http://www.acegisecurity.org/acegi-security/apidocs/index.html
Look at the packages:   org.acegisecurity.acl, org.acegisecurity.acls and their subpackages

Authorization Concepts and Solutions for J2EE Applications
[5]http://www.ibm.com/developerworks/websphere/library/techarticles/0607_ilechko/0607_ilechko.html

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4097956#4097956

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4097956

More information about the jboss-dev-forums mailing list