In the course of my work I need to develop an authorization engine (I'm already authenticated and I check the access of a user to an action) in order to store all the authorization logic in the same place and be able to reuse it, and I have created this mini library.

http://github.com/eltados/canny

What do you think about it?

Is there any lightweight authorization engine library I could have a look at?

+3  A: 

I'd use Spring Security before I developed anything of my own. Authorization and authentication are cross-cutting concerns. Spring properly puts them in aspects that you can configure down to the method level.

duffymo
+2  A: 

I only had a brief look and was wondering whether you had considered the following questions:

  • I'm not a fan of using a static attribute to store the Authorisation object and all the rules, this could lead to problems in clustered environments or when multiple applications share an appserver (I'm thinking shared classloader problems with JBoss here)
  • The canny engine provides no out-of-the-box functionality for dynamically accessing authorisation stores. As far as I can tell in order to get user/permission information from LDAP or a database, a custom rule needs to be created.
  • I'm not sure whether having the definitions of the rules in code is the best place, as it will mean having to rewrite/rebuild/redeploy code to change the rules.

Note, maybe I have misunderstood some of the concerns, but the readme and test classes were a little bit sparse.

Personally, Spring Security has been my Authentication/Authorisation framework of choice.

Hope that helps.

beny23
Interesting opinion. I have developed a very simple authorization engine (really as a side project). I'm not an experienced programmer and I'm working in a single-app, single-server environment, so I never came across the problems of a clustered environment; I will try to investigate this and see how my code is problematic. Canny does not support any out-of-the-box authorization mechanism; this is due to the fact that the project is really young, and the app I use already had a custom (but badly designed) user/permission system that I plugged into Canny but which makes no sense to release.
In-code definition of the rules makes sense in the environment in which I'm working; it is easier to implement and more flexible, but I will consider having an XML definition of the rules (even if I'm not a big fan of XML). The readme and test classes are quite sparse, and I really appreciate that you took some of your time to evaluate this project and came back with constructive answers.
The main idea was to have a Can method that you can use anywhere in your application and not have to worry about the implementation of the logic behind it.
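As an added illustration of the two design points raised above (beny23's concerns about a static holder for the rules and rules compiled into code, and the asker's single `can` entry point), here is a small Java sketch that is not Canny's code: the engine is an injectable instance rather than a static, and the rules are loaded as data from a properties-style source, so the `Subject`, `Rule` and `loadRules` names are assumptions.

```java
import java.util.*;

// The engine is a plain object handed to whoever needs it (constructor injection,
// a DI container, ...), not a static attribute shared across a classloader.
// Rules are data built at construction time, so changing them is a config change,
// not a rebuild and redeploy.
public final class Authorizer {
    public record Subject(String name, Set<String> roles) {}
    public record Rule(String action, String requiredRole) {}

    private final Map<String, List<Rule>> rulesByAction = new HashMap<>();

    public Authorizer(Collection<Rule> rules) {
        for (Rule r : rules) {
            rulesByAction.computeIfAbsent(r.action(), k -> new ArrayList<>()).add(r);
        }
    }

    /** The single "can" entry point: deny by default, allow only on an explicit matching rule. */
    public boolean can(Subject subject, String action) {
        List<Rule> rules = rulesByAction.getOrDefault(action, List.of());
        return rules.stream().anyMatch(r -> subject.roles().contains(r.requiredRole()));
    }

    // Hypothetical loader: the same shape could be filled from a database or LDAP
    // instead of a properties file, which is the "dynamic store" beny23 asks about.
    static List<Rule> loadRules(Properties p) {
        List<Rule> out = new ArrayList<>();
        for (String action : p.stringPropertyNames()) {
            for (String role : p.getProperty(action).split(",")) {
                out.add(new Rule(action, role.trim()));
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample rule set in the shape of a properties file: action -> roles.
        Properties p = new Properties();
        p.setProperty("post:delete", "admin,moderator");
        p.setProperty("post:read", "admin,moderator,member");
        Authorizer authz = new Authorizer(loadRules(p));

        Subject alice = new Subject("alice", Set.of("member"));
        Subject bob = new Subject("bob", Set.of("moderator"));
        System.out.println("alice read:    " + authz.can(alice, "post:read"));
        System.out.println("alice delete:  " + authz.can(alice, "post:delete"));
        System.out.println("bob delete:    " + authz.can(bob, "post:delete"));
        // No rule exists for this action, so the default-deny path is taken.
        System.out.println("bob unknown:   " + authz.can(bob, "post:unknown"));
    }
}
```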