« A couple of good... | Main | Live Coding for 4... »
20070524 Thursday May 24, 2007

The Security Annotation Framework Spotted on the Acegi Security mailing list several weeks ago:

A few weeks ago, I started an open source project (Security Annotation Framework) which addresses annotation-based, instance-level access control for Spring applications. It is also based on Spring 2.0's extensible XML authoring features. You can find more info at

http://sourceforge.net/projects/safr and http://safr.sourceforge.net

The framework was created during a project in 2006 and is now available under the Apache 2.0 license. It's a generic framework focused on processing security annotations on Spring beans as well as domain objects (which typically aren't managed by a Spring application context) and can be used to enforce access decisions for domain object instances. It can be used with any authorization provider and is not specific to Acegi. However, I plan to include an example how to use the SAF with Acegi authorization soon. Furthermore, it supports inheritance of annotations from base classes and interfaces.

What do you think about SAF? Are annotations a better way of implementing ACLs on domain objects? Posted in Java at May 24 2007, 12:42:35 PM MDT 1 Comment

Comments:

You could use something based on the standar security annotations from JavaEE 5, like is done in the Spring-Annotations security module ... http://sannotations.sourceforge.net/security.html of course your implementation has a broader audience, the spring-annotations module only works in spring managed beans, not on domain objects ...

Posted by Rodrigo Urubatan Ferreira Jardim on May 24, 2007 at 03:02 PM MDT #

Post a Comment:
  • HTML Syntax: Allowed