
  • Spring security design question

    Hi, I'm a bit lost. Security is really a complex topic. Maybe you can give a suggestion. Here is what I have and what I want to model:
    • Domain objects which have OWNERS
    • Domain objects have several Permissions (or ACEs?), read, write, publish, delete, ...
    • There are different ROLES with different permissions
    • Other users can have special permission on Domain objects even if they are not the owner (share a document with x people)
    • permissions must be checked in service but shall be (somehow) attached to the object in the Controller (REST) in order to view/change them.
    • changing permissions needs special permissions, of course...
    • there will be permissions in future which depend on dynamic values like "time" or "credit".
    • a clean way to set-up default permissions upon object creation would be nice (there are already factory methods in the security layer)

    What I know so far is that I want some kind of ACLs because simple Permissions like Unix has (rwx) are not sufficient. Roles can be static (user is admin) or dynamic (user is owner).

    I already use Spring authentication.

    And I don't really like EL (at least I want some syntax check at compile time).

    So, any hints how to start?