Look for a role-based authentication solution in java

Question

I am building a project which is related to the user authentication.

The project is about the task manager for the company.

The company contain many departments,and one department may contain more than one sub_department,the sub_department can have sub departments also.

The manager of one department can create/modify/remove tasks of his department.

Other people can only see the task.

When he create a task,he should specify the operator(who will make the job) and the charger(who will be responsible for the task). The operator and charger should belong to some specified departments.

For example,there is one department named "department01"and this department contain two sub-departments:"development",and "design".

Now user "John" is the manager of "development",so he can add task belong to "development",and choose operators and chargers belong to "department01" since the "department01" is the parent of "development".

Also there are some other roles in the system,for example, the boss of "department01",he can see all the tasks belong to "department01" (contain tasks of "development" and "design").

In this case, I think the role-based authentication is better.

But I do not found any related information in java,so I ask if there is any example?

Answer 1

Another option is Apache Shiro. It's very flexible and embeddable in almost any kind of Java project.

Answer 2

Take a look at Spring Security.

Spring Security is a powerful and highly customizable authentication and access-control framework.