Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Framework like Spring Security for Java EE?

Spring Security offers many powerful security mechanisms but it doesn't fit properly into a Java EE (EJB) environment. One problem is that Spring Security stores the SecurityContext in a ThreadLocal object which is not suitable for clusters. Spring Security relies on services (AOP for example) from Spring core which are not available if the EJB container manages the object. And Spring Security needs Spring core to wire itself, what I'd like to avoid since Java EE has already dependency injection mechanisms.

Is there a security framework tailor-made for Java EE? I'd like to have ACLs or a more flexible role mechanisms for example.

like image 977
deamon Avatar asked Nov 15 '22 12:11

deamon


1 Answers

If neither the Java EE security model nor Spring Security suit your needs, then I'm afraid you'll have to roll out your own custom solution - maybe a custom JAAS LoginModule - as you won't find anything equivalent (at least not in the open source world to my knowledge). But be aware, JAAS is not really a pleasant API and this won't be an easy task. More resources on this topic in Further Information about Security (see the bottom of the page).

like image 121
Pascal Thivent Avatar answered Dec 01 '22 01:12

Pascal Thivent