Aleksei Valikov wrote: > Hi. > > >> I am a newbie to Spring Security. >> >> I am interested to know if anyone has used Spring Security with Java >> Persistence API to provide authentication, access control / >> authorization to database transactions where db access is via Java >> Persistence API. >> >> My search in the archives did not yield any thing like that so I would >> appreciate some guidance. >> > > What exactly you are up to? > > The simplest entry point I can imagine is implementing a JPA-based > UserDetailsService. This service returns a user (UserDetails) with his > rights (GrantedAuthority[]). > > But I guess you have something more complex in mind. Could you maybe > describe a usage scenario? > >
Here is a simple use case to put my app's requirements in perspective: * My data is stored in a RDBMS and accessed via Java Persistence API * I want to use Spring Security for pluggable authentication * I need to use XACML for fine-grained custom Role based Access Control (RBAC) * When a client request is processed I want to: o Get the list of objects that will be impacted by the request. This is likely where I need some hooks into the database to place interceptors in the db transaction processing pipeline o Get the principal associated with the request o For each object impacted do access control check based on associated XACML Access Control Policy XACML-based authorization is more complex than simply whether a principal has access to a particular row in a table. For example access may be granted or denied based upon values of certain attribute in a row or even values in attributes of a row that is referenced by the row being impacted. I am trying to understand how I would implement this. My knowledge of Spring Security is pretty limited at present and I cannot see yet what is a JPA-based UserDetailService and how it might help my use case. Thanks for any additional guidance I can get on address my use case with Spring Security. -- Regards, Farrukh Web: http://www.wellfleetsoftware.com ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer