Access Control, Entitlements in Scala, Play Framework

Question

Have to build entitlement, access control module in the current project where ACL goes at a detailed level for e.g.

Role1 can view Page1 and add ALL the fields on Page1
Role2 can view page1 and can only view 4 fields on page1
Role3 can't view page1

That was for authorization. Also have signup/authentication requirements. Custom registration will have a few fields that a new user will fill up and if it was already a registered user then user will use login page. SecureSocial was mentioned for play framework but it's not flexible (at least to make custom registration form etc)

In the past (while working on Java projects) used crosslogix (I think Oracle Entitlement Server is it's predecessor) to layout detailed entitlements per role, per resource etc. Are there any OSS replacements or what other libs/frameworks do you recommend in Scala, Play Framework land?

Answer 1

Consider using XACML, the Extensible Access Control Markup Language. It defines a policy language based on attributes and can easily implement the scenarios you listed here.

There are several implementations available. You mentioned OES which uses an older version of XACML. In the OSS world, check out SunXACML, Heras AF, ForgeRock, and WSO2.

In the vendor space, check out Axiomatics (disclaimer: this is the company I work for).

Answer 2

SecureSocial has the option of providing a custom registration page:

http://securesocial.ws/guide/views-customization.html

and Deadbolt 2 handles the authorization piece of it:

https://github.com/schaloner/deadbolt-2

There is an example application using Slick 2.0 here:

https://github.com/lunatech-labs/lunatech-securesocial-poc