I'm not having any luck finding one.
+2
A:
There's Spring Security (previously known as Acegi).
Haven't used it myself, but I've heard good things about it. Most effective when used with the rest of Spring, obviously, but I think you can use it in a general way.
Jon Skeet
2009-05-05 06:14:43
+2
A:
Spring Security (formerly Acegi) will be the one most people recommend. In the end I found it very hard to setup up the way I wanted it to behave. Mainly because I didn't want to check access against the role of a user. What I wanted was user's who belong to user groups (ie. have roles) which then have "permissions" and access is checked against a "Permission", not a role (user group).
kosoant
2009-05-05 06:15:55
I think I'm looking for something along the lines you speak of. I need roles but I want actions (or individual permission for action) to belong to those roles, but allow certain deviations for specific users. So, for example, there might be an action of "delete" which would generally belong to role : Admin and not to User, but for a SPECIFIC user (Joe Schmoe) I could grant Delete access. It's not too hard to write, just thought someone might have already written it :)
Dr.Dredel
2009-05-05 06:44:22
That is exactly the same requirement I had! Thanks for letting me now that I'm not alone :)
kosoant
2009-05-07 11:29:33
+2
A:
Apache Ki (formerly known as JSecurity) could be what you're looking for if you're not afraid of doing some things yourself. I've personally created a completely transparent, annotation based, per-page web application security model (relying on both user roles/permissions and group roles) with it and it's capable of a lot more than just that.
Esko
2009-05-05 07:53:08