tags:

views:

221

answers:

4
Q: 

Java security in non-web app

Does anyone know of a good, open source security framework for java?

I've played with jSecurity a bit, and it seems really cool, but the documentation is so sparce I can't seem to make any progress.

Spring security seems web-app oriented -- but I may be wrong.

I am not opposed to writing this myself, but it seems like this should have been done before, why reinvent the wheel?

All this needs to do is be able to provide fine grained security permissions on each level of the app(s).

Example: App1 has actions 1, 2, 3 (like 'canOpenRemoteFiles', or 'canReprocessTransactions') App2 has actions 4, 5, 6, 7

I will ultimately need to do something like: 

// -- the call may not be this declarative
boolean foo = user.getApp1().canReprocessTransactions();
// do something with foo...

// -- or something like this
boolean bar = user.getApp2().canDoAction1();
// do something with bar...

// -- or...
ArrayList < String > dirsCanAccess = user.getApp1().getAccessableDirs();

Thanks in advance.

+2  A: 

The last time I looked at Spring-Security it seemed very much web based.

But... the Spring guys are pretty good and I suspect that they have lot of building blocks you could use from the core Spring-Security library.

Fortyrunner  2009-01-30 08:47:47
No, Spring Security is aspect-oriented, so it can be used outside a web context.
duffymo  2009-01-30 13:01:08
+1  A: 

You can use Acegi Security framework (based on Spring). The framework provides AOP based security interception that can be used to control method level access even outside the web app. The link to the framework is http://www.acegisecurity.org/

Rutesh Makhijani  2009-01-30 08:54:53
Acegi was incoporated in Spring and is now know under Spring-Security.
boutta  2009-01-30 10:41:00
A: 

Why not use JAAS? It's been a standard part of the JRE since 1.4.

Chase Seibert  2009-01-30 14:47:28
A: 

After much more digging, jSecurity was the way to go. It is not well documented, but quite simple to use.

javamonkey79  2009-02-22 22:22:00

related questions

What language do you use for Postgresql triggers and stored procedures?
Are Multiple DataContext classes ever appropriate?
Which tools do people use to create Data Dictionaries?
Any experiences with Protocol Buffers?
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
How do I index a database field
How does database indexing work?
How do I connect to a database and loop over a recordset in C#?
Editing database records by multiple users
Object Oriented vs Relational Databases
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
Embedded Database for .net that can run off a network
Connect PHP to an AS/400
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
.NET Migrations Engine
Is there a version control system for database structure changes?
SQLite and XSD
How do I version my MS SQL database in SVN?
XSD DataSets and ignoring foreign keys
Flat File Databases in PHP
Throw Error In MySQL Trigger
Binary Data in MySQL