Mar
24
Spring Security 2
Spring Security 2 - supporting Group based Security
The application I am working on has requirements for Authentication and Authorization. However, rather than just having username/password kind of security, this application involves another level 'Group'. Group refers to a group of users. Groups are mutually exclusive which means user in one group can not be a user in another group. User in one groups shall not be able to see/work on data belonging to another group.
To me, it appears that this shall be a very common scenario, but I have never seen any open-source project providing such an implementation/built-in-support. I faced the same issue while evaluating JOSSO for Single Sign On, and now while trying to implement the application security using Spring Security.
The application I am working on has requirements for Authentication and Authorization. However, rather than just having username/password kind of security, this application involves another level 'Group'. Group refers to a group of users. Groups are mutually exclusive which means user in one group can not be a user in another group. User in one groups shall not be able to see/work on data belonging to another group.
To me, it appears that this shall be a very common scenario, but I have never seen any open-source project providing such an implementation/built-in-support. I faced the same issue while evaluating JOSSO for Single Sign On, and now while trying to implement the application security using Spring Security.