Java EE Role Management systems - do they exist?

Question

I'm looking at creating a decentralized role-management system which integrates with Java EE roles. Does anything like this exist?

Example use cases:

System A is a limited-access system which uses corporate roles. John joins a team, and requires SYSTEM_A_READONLY to perform his function. He logs on to the decentralised role-management system, and puts in a request for SYSTEM_A_READONLY. Bill is the administrator for System A, and receives a notification that John has applied for this access. He can then log on to the same system and approve the request. John now has access to System A.

System B is a sensitive customer management system. It has 1 role for each company that it serves. Currently it has SYSTEM_B_CLIENT_FOO, SYSTEM_B_CLIENT_BAR, etc. Greg is the administrator for this system, and he is notified by the sales team that TNT have signed on as a customer. He logs on to the role management system, and adds the new client. Web Application C (hosted remotely, but still using corporate roles) detects the new role, and adds it as an option for it's users.

Hope that makes sense. I've looked into making it myself, but it seems like a requirement that must be quite common.

Answer 1

I don't think anything like this exists. The requirement indeed seems quite common, but I think appearances are deceiving. Every company, for ever (range of) application(s), will have very specific requirements concerning the interface to administer users and roles.

Depending on the requirements, it may also be reasonably simple to set up. If 'putting in a request' simply means 'an email is sent to the admin' and 'adding the client' means logging in using a simple, CRUD-framework generated, admin and filling out a form, then you are already done.

Answer 2

You could look at Apache Shiro http://incubator.apache.org/shiro/ although I'm not sure it's either ready for prime time or completely does what you're looking for out of the box.

You could develop the authorization components using Spring Security, specifically by implementing your own AccessDecisionVoter and UserDetailsService. The entities, persistence and web ui components are pretty straightforward, you could do those in whatever framework you're comfortable with.