Aleksei Valikov wrote:
> Hi.
>
>
>> I am a newbie to Spring Security.
>>
>> I am interested to know if anyone has used Spring Security with Java
>> Persistence API to provide authentication, access control /
>> authorization to database transactions where db access is via Java
>> Persistence API.
>>
>> My search in the archives did not yield any thing like that so I would
>> appreciate some guidance.
>>
>
> What exactly you are up to?
>
> The simplest entry point I can imagine is implementing a JPA-based
> UserDetailsService. This service returns a user (UserDetails) with his
> rights (GrantedAuthority[]).
>
> But I guess you have something more complex in mind. Could you maybe
> describe a usage scenario?
>
>
Here is a simple use case to put my app's requirements in perspective:
* My data is stored in a RDBMS and accessed via Java Persistence API
* I want to use Spring Security for pluggable authentication
* I need to use XACML for fine-grained custom Role based Access
Control (RBAC)
* When a client request is processed I want to:
o Get the list of objects that will be impacted by the
request. This is likely where I need some hooks into the
database to place interceptors in the db transaction
processing pipeline
o Get the principal associated with the request
o For each object impacted do access control check based on
associated XACML Access Control Policy
XACML-based authorization is more complex than simply whether a
principal has access to a particular row in a table. For example access
may be granted or denied based upon values of certain attribute in a row
or even values in attributes of a row that is referenced by the row
being impacted.
I am trying to understand how I would implement this. My knowledge of
Spring Security is pretty limited at present and I cannot see yet what
is a JPA-based UserDetailService and how it might help my use case.
Thanks for any additional guidance I can get on address my use case with
Spring Security.
--
Regards,
Farrukh
Web: http://www.wellfleetsoftware.com
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
