Hi, I have been looking at JAAS and implementations like jGuard, Acegi etc over the last two weeks , but still couldn't decide/understand which to go for in my application.
Here's a brief description of my application:- A social game kind of app(with open collaborative forums/discussions/groups) with Flex on the Front end and J2EE on the back-end(JBoss is the application Server). The authentication will be through Shibboleth. As for authorization, typical functions of various roles could be adding/deleting posts/threads, creating/deleting groups(of people),creating/deleting/assigning roles dynamically(the group leader could create role-hierarchy within the group and assign people to various roles), assigning tasks etc.
I would like your suggestions on the following:-
- Does JAAS work for me ? I still cannot understand the scope of JAAS Authorization.
- Have been looking at jGuard, but the documentation is limited. I am having a really hard time to set it up. I am not ever sure if it serves all of my needs. Are there any other similar implementations?
- Any other ways of implementing RBAC in my application ?
Thanks.