I got a little familiar with some of the features on the site about what spring offers.
But I just want to make sure before diving in or even starting my own simple solution, hoping for some confirmation from experienced developers who used spring protection.
Im currently developing using jsf2 + primefaces, spring3, jpa2 + hibernate
I have these needs:
- there is a list of users and user groups
- it is necessary to authenticate the user at the login (it is so simple, it should already be supported)
- the security system can be configured for modules (java project packages or can be viewed as a menu / program in the user interface), therefore, if the user is configured to access all programs in menu 1 and menu 3 and only 1 in menu 4, then the menu will be displayed only allowed, and accessing directly to an invalid menu / program URL will result in an error.
- it is necessary to authenticate the user in service methods (simple java methods) at levels such as readonly level, r / w level. So, for example, if we can configure this public void save (...) to access r / w, only users who are granted r / w access can call this method
- can even extend this to JSF 2 xhtml, where I can use r or r / w access to turn on / off buttons or links or other materials, perhaps programmatically using the disabled attribute of the jsf component.
- it would be better if some of these functions, such as program authentication or service methods, were performed transparently using AOP without polluting business process codes.
Please share your views on this.
Thank!
source
share