How to implement user access control mechanisam in web application - java

Am developing a web application using Springs. To make a scalability for my application am in need of user management system. In application having different groups each groups having different users.Every user having different roles.
To implement access control mechanism any API's available?
How to assign role for every users?

I think Spring Security domain-acls is a good choice for you. You can take a look at Contacts sample first to decide whether it is fit for you.

Related

Same authentication in 3 different web applications, that have their own database

I have three REST web applications (Java) with their own database (MongoDB).
All the applications require authentication, so I created a collection called User in each database.
Now I want the same user to be able to log in each application.
Shall I have a fourth shared database only for user?
Shall I have a sort of synchronization process of the collection User among the three databases?
What's the solution?
I think the solution is to develop some microservice (OAuth2 for example) to do the authentication and implement all login and permission check routines by its means.
If that's an overkill for your task, it is better to make a separate DB for user accounts and synchronize application databases against it.

How to restrict user logging in particular application using CAS?

I am working on providing single sign on feature to the applications I have. I am using CAS for this along with spring. I am able to make it working for all the applications. But one doubt I have is, Is it possible to restrict user for any one application for which he is not having access? I mean is there a way to provide application level authorization using CAS?
Thanks
You can customize CAS to return a complex object including the role of user só then the each APP be responsible for authorization. Herecwe do this using Spring Security

Custom User Management for Google App Engine Java

I am using GAE Java for a multi-user application. There are multiple users with different roles. Each user can login, do some operations and logout. The business restricts me from using Google User Service and I need to implement my own for authentication and session management.
Can anyone please share with me how should I go about implementing my own user management? I have read its very tricky to implement own user management. Any pointers in terms of best approaches/ design / existing frameworks if any ?
I could see some similar posts but they are for python.
Well, for the production quality authentication and security I finally decided using "Spring-Security". Seems to be the best solution if you are using spring in your application and you can do customizations at finest levels.

Solutions for Java User Account Management

I currently work on a Java web application that has relies on a permissions mechanism to manage user content. This of course means that we need to manage users. Our current user management system is an in house system that manage info about users, groups, and user and permissions in an RDBMS. The system works but is a hassle to maintain. I'd like to find a way to simplify things.
It seems that packages to manage users must be commonly used out there on the internet machine given that user management is a core piece of functionality of many web apps. What solution to you use to manage users? It seems that something like the Spring Security package may work, but I'd like to get a handle on what's available before locking myself into Spring Security.
Thanks.
You are looking for something like LDAP or Active Directory to manage your users. You would use Spring Security to apply/enforce your security information that you store in LDAP. Pretty sure you can configure any App Server to use LDAP for basic authentication and authorization features out of the box.

User Login in Java - JAAS/JNDI/GSSAPI

What is the best way to design a user login mechanism using Java? What are the best practices to be followed to architect a secure and robust login mechanism?
What is the difference between JAAS, JNDI and GSSAPI? How do you decide which one to choose?
Single sign on (SSO) is one of hte best practices. Using one set of credentials for authentication (not necessarily authorization) for a group of applications.
Sun's java based open source -- OpenSSO solution is available at https://opensso.dev.java.net/. This includes OpenDS, an open source LDAP server.
few things you need to consider is
1) is it OK to let the user login simultaneously from multiple computers
2) how to mix authentication and authorization info in the same LDAP server
Some patterns in this area can be obtained from the book : http://www.coresecuritypatterns.com/patterns.htm
It depends on your user referential.
You need to be able to connect your login java module with that base. it is is LDAP, you might consider framework like OpenLDAP.
Plus you have to consider what is include in your "login" perimeter: It is is an "habilitation" login process, you need to have more that just the user name, but also other parameters helping your java module to grant him access (its group, which might be in LDAP, but also the kind of action he wants to make, in order to check if he has the required accreditation level)
I really like Spring Security. It's pretty easy to set up if you've got a Spring project, of course, but I've seen parts of it integrated into other implementations.

Categories