Reputation: 6542
We are now exploring the options for a bank web application permission mechanism.
We have a very simple use case that more or less will define our requirements in terms of permission needs:
"A user logs in and approves a transaction of sum 5000$. His role "Transaction Manager" allowed him to VIEW the entry of the transaction, and his role allowed him to APPROVE transactions of sum <= 6000$."
Are there any frameworks \ libraries that expose a clean API to achieve that? Our old project is using the permission model of "Domain \ Action \ Instance" and we think the requirement above is too complex to achieve with that model.
Upvotes: 0
Views: 652
Reputation: 28569
Spring Security is a de facto standard for securing Spring MVC apps; the Spring MVC documentation actually discusses it under the Web Security chapter.
It provides authentication and role-based authorization that you can easily integrate with whatever underlying ACL system you have, or plan to put in place.
Upvotes: 2
Reputation: 290
Use Spring Security, which will provide a role-based implementation and also token-based login.
Upvotes: 0
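As an added example (not code from either answer or from the Spring project), this is one way the question's amount-limited APPROVE rule can be expressed with Spring Security method security and a custom `PermissionEvaluator`. The `Transaction` record, the evaluator and service classes, the `ROLE_TRANSACTION_MANAGER` authority name and the in-memory limit table are assumptions made for illustration. It also assumes method security is enabled and the evaluator is set on the method security expression handler.

```java
import java.io.Serializable;
import java.math.BigDecimal;
import java.util.Map;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

// Hypothetical domain object for the transaction in the question.
record Transaction(long id, BigDecimal amount) {}

// Hypothetical evaluator: maps a role to the maximum amount it may approve.
class TransactionPermissionEvaluator implements PermissionEvaluator {
    // Constructed limit table; a real system would load this from its ACL store.
    private static final Map<String, BigDecimal> APPROVE_LIMITS =
            Map.of("ROLE_TRANSACTION_MANAGER", new BigDecimal("6000"));

    @Override
    public boolean hasPermission(Authentication auth, Object target, Object permission) {
        if (auth == null || !auth.isAuthenticated() || !(target instanceof Transaction tx)) {
            return false; // deny by default
        }
        for (GrantedAuthority ga : auth.getAuthorities()) {
            BigDecimal limit = APPROVE_LIMITS.get(ga.getAuthority());
            if (limit == null) continue; // this role has no rights on transactions
            if ("VIEW".equals(permission)) return true;
            // APPROVE is allowed only when amount <= the role's limit.
            if ("APPROVE".equals(permission) && tx.amount().compareTo(limit) <= 0) return true;
        }
        return false;
    }

    @Override
    public boolean hasPermission(Authentication auth, Serializable id, String type, Object permission) {
        return false; // id-based checks are not used here: deny
    }
}

// Hypothetical service; the checks run before each method body executes.
class TransactionService {
    @PreAuthorize("hasPermission(#tx, 'VIEW')")
    public Transaction view(Transaction tx) { return tx; }

    @PreAuthorize("hasPermission(#tx, 'APPROVE')")
    public void approve(Transaction tx) { /* persist the approval */ }
}
```

With this in place, a user holding only `ROLE_TRANSACTION_MANAGER` can approve the 5000$ transaction from the question, while a transaction above 6000$ is rejected with an access-denied error before `approve` runs.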