Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Alternatives to spring-security in Java (spring)

Tags:

java

authentication

spring

authorization

I'm looking for a good security framework that allows to annotate parameter based access rules to methods.

Basicly i want to check if the authenticated user is allowed to call a certain method with a specific object as a parameter.

Spring security would serve my needs but because of this (spring forum) i'm looking for alternatives if i'm unable to get it to work.

Requirements:

  • method security based on config or annotations, i want to avoid puting my security code insite my service methods
  • rules are based on parameters of the methods, simple role based security is not enough
  • spring support out of the box is a plus

Any recommendations?

like image 761
Laures Avatar asked Apr 12 '12 13:04

Laures

People also ask

Is Spring Security necessary?

The Spring Security framework is a reliable way for Java developers to secure applications. However, proper implementation is critical to prevent the most common vulnerabilities.

Is Spring Security deprecated?

Spring Security allows customizing HTTP security for features such as endpoints authorization or the authentication manager configuration by extending a WebSecurityConfigurerAdapter class. However, since recent versions, Spring deprecates this approach and encourages a component-based security configuration.

How do I bypass spring boot security?

To disable Security Auto-Configuration and add our own configuration, we need to exclude the SecurityAutoConfiguration class from auto-configuration. If you have spring-boot-actuator included in your dependecies then you need to exclude ManagementWebSecurityAutoConfiguration class from auto-configuration.

1 Answers

Apache Shiro stands in competition to Spring Security. Is easier, covers more. See here.

like image 80
Joop Eggen Avatar answered Oct 13 '22 00:10

Joop Eggen
Sign in to Comment

Related questions

Why are JSR/RET deprecated Java bytecode?
Java: overloaded method resolution and varargs -- confusing example
How to invoke another serializer from a custom Gson JsonSerializer?
Is the source code of native methods available?
Why is my application running faster in IntelliJ compared to command-line?
SSHJ Example of Public Key Auth from File
What alternatives are there to the pHash open source perceptual hash library? [closed]
How do I query for dates in Spring Data MongoDB repository?
How to exclude ClientAbortException from SimpleMappingExceptionResolver
Garbage collector log (loggc) file rotation with logrotate does not work properly
Should a Service class be singleton in java?
Java Metaprogramming
Querying CompositeType columns in Cassandra using Hector
Is there a way add auto completion support for Java to Sublime Text 2?
Resolving Apache Ivy dependencies when offline/disconnected?
Do we ever need to prefer constructors over static factory methods? If so, when?
Tutorials for Mozilla Rhino
Simple OCR app using android camera [duplicate]
How to use MATLAB code in mapper (Hadoop)?
Java: Extending Class At Runtime

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!