Standard instance-level authorization in Java?
March 12, 2010 5:21 AM Subscribe
What is the standard for instance-level access control/authorization in java web applications?
In some existing code, I need to lock down access to user-generated content so it's only editable by admins and the creator. Currently this happens in the JSP frontend, but this is clearly not the best solution.
It seems like I want JACC, but with the (insane, unmanageable, frustrating, wanky) proliferation of java-related technologies and acronyms, I'm not really sure.
I'm on Glassfish v2/Java 1.5/Netbeans, if any of that matters. We use spring (not the MVC part) in some parts of the project, but not the part to which I'm applying access control.
In some existing code, I need to lock down access to user-generated content so it's only editable by admins and the creator. Currently this happens in the JSP frontend, but this is clearly not the best solution.
It seems like I want JACC, but with the (insane, unmanageable, frustrating, wanky) proliferation of java-related technologies and acronyms, I'm not really sure.
I'm on Glassfish v2/Java 1.5/Netbeans, if any of that matters. We use spring (not the MVC part) in some parts of the project, but not the part to which I'm applying access control.
Have you looked at Spring Security? It can do method level access control, and since you're already using Spring it seems like it might be worth a look.
posted by lex mercatoria at 10:37 AM on March 12, 2010
posted by lex mercatoria at 10:37 AM on March 12, 2010
This thread is closed to new comments.
posted by beerbajay at 5:48 AM on March 12, 2010