For Java web app development on GAE, I would like to add users androles management. Is there a basic Java library which provides role management (maybe based on annotations) which I could use as a foundation?
A:
Spring Security supports various models, including role-based auth. You can use XML configuration, as well as annotation-based declaration or even implement your own providers.
Eugene Kuleshov
2010-02-10 19:55:26
looks great - this could be my first contact with Spring, finally :)
mjustin
2010-02-10 20:02:04
i don't know if the issues addressed here are still relevant, but it appears as though spring security may need some tweaking before it will work on app engine. http://groups.google.com/group/google-appengine-java/browse_thread/thread/964e7f5e42840d9c
Peter Recore
2010-02-10 22:56:23
Peter, it may be already resolved in version 3. I am not experiencing anything like that using that version in my GAE application.
Eugene Kuleshov
2010-02-15 18:41:16
A:
This looks promising:
SecurityFilter is a Java Servlet Filter that mimics container managed security. It looks just like container managed security to your app, as you can call request.getRemoteUser(), request.isUserInRole(), and request.getUserPrincipal() and get valid responses. The Security Filter configuration file follows the web.xml standard, which makes it easy to switch to Security Filter from container managed security, or switch back as your requirements or deployment environment details change.
mjustin
2010-02-18 19:58:39