Re: [Acegisecurity-developer] Spring Security and Java Persistence API
Aleksei Valikov wrote: Hi. I am a newbie to Spring Security. I am interested to know if anyone has used Spring Security with Java Persistence API to provide authentication, access control / authorization to database transactions where db access is via Java Persistence API. My search in the archives did not yield any thing like that so I would appreciate some guidance. What exactly you are up to? The simplest entry point I can imagine is implementing a JPA-based UserDetailsService. This service returns a user (UserDetails) with his rights (GrantedAuthority[]). But I guess you have something more complex in mind. Could you maybe describe a usage scenario? Here is a simple use case to put my app's requirements in perspective: * My data is stored in a RDBMS and accessed via Java Persistence API * I want to use Spring Security for pluggable authentication * I need to use XACML for fine-grained custom Role based Access Control (RBAC) * When a client request is processed I want to: o Get the list of objects that will be impacted by the request. This is likely where I need some hooks into the database to place interceptors in the db transaction processing pipeline o Get the principal associated with the request o For each object impacted do access control check based on associated XACML Access Control Policy XACML-based authorization is more complex than simply whether a principal has access to a particular row in a table. For example access may be granted or denied based upon values of certain attribute in a row or even values in attributes of a row that is referenced by the row being impacted. I am trying to understand how I would implement this. My knowledge of Spring Security is pretty limited at present and I cannot see yet what is a JPA-based UserDetailService and how it might help my use case. Thanks for any additional guidance I can get on address my use case with Spring Security. -- Regards, Farrukh Web: http://www.wellfleetsoftware.com - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] Spring Security and Java Persistence API
Dear colleagues, I am a newbie to Spring Security. I am interested to know if anyone has used Spring Security with Java Persistence API to provide authentication, access control / authorization to database transactions where db access is via Java Persistence API. My search in the archives did not yield any thing like that so I would appreciate some guidance. Thank you. -- Regards, Farrukh Web: http://www.wellfleetsoftware.com - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Spring Security and Java Persistence API
Hi. I am a newbie to Spring Security. I am interested to know if anyone has used Spring Security with Java Persistence API to provide authentication, access control / authorization to database transactions where db access is via Java Persistence API. My search in the archives did not yield any thing like that so I would appreciate some guidance. What exactly you are up to? The simplest entry point I can imagine is implementing a JPA-based UserDetailsService. This service returns a user (UserDetails) with his rights (GrantedAuthority[]). But I guess you have something more complex in mind. Could you maybe describe a usage scenario? Bye. /lexi - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer