JAAS or Spring Security on page control


12

I’m doing an Eclipse project with JSF 2.2, JPA 2.1, Hibernate 5, Primefaces 5.3, CDI (Weld 1.1).

I want to implement the security part of the application and I’m in doubt between JAAS and Spring Security.

The model below corresponds to what I want to do:

[Image: enter image description here]

The page registration will be fixed in the database, but the registration of profiles and people will be dynamic, that is, I will be able to register several access profiles (with several pages) and link them to people.

My questions are:

  1. Which would best fit my model, JAAS or Spring Security? Or would it be better to do it by hand (Filter)?
  2. Both JAAS and Spring Security work with roles; are these roles always fixed in the system? To have control over each page, would I have to have one role per page?
  3. Do you have an example to show me?

  • Take a look and see if this will help you: http://www.mkyong.com/spring-security/spring-security-hibernate-annotation-example/ JAAS x Spring Security: http://www.guj.com.br/java/105466-jaas-x-acegispring-security

  • 1

    Friend, I always use Spring Security. JAAS is excellent too, but Spring Security is easier for me to implement. There is a site, "BAELDUNG", that has several examples of everything in Spring, including Security. The site curator, Eugen, has great knowledge of the framework and gives several very good tips and tutorials as well. Here is the link: http://www.baeldung.com/security-spring

  • Gleison, in the context of JAAS, I believe the answer here may help in understanding your question.

2 answers

2

I opted for Spring Security in my applications because it is a consolidated framework and I have no intention of reinventing the wheel. Some reasons:

  1. It is highly customizable, that is, if I want, I can redefine all the parameters and authentication classes;
  2. If I want to implement OAuth 2.0, Spring makes it easier to implement than if I were to do it manually;
  3. It is open source and the community is quite active;
  4. It works with roles both in the database, using technologies such as JPA, and in memory;
  5. It has XSS and CSRF protections, things that normally nobody cares about, besides other things that I didn’t care about, but that a malicious person will certainly use;
  6. It accepts annotations and XML, giving the programmer the option;
  7. It is very well regarded in the security of Java applications;
  8. Spring, not only the security module, is always one step ahead in programming flexibility;
  9. If used with Spring Boot, your application development becomes almost magical, because it joins the best of Spring into a single project;
  10. If you want to expand your application, it will surely meet your need;
  11. Security can be applied in several places, e.g. in the JPA function that registers something, in the controller or on the page itself, giving flexibility without giving up security.

There are other reasons, but in time you will notice that it is the best choice currently.

If you choose not to use Spring Security, I don’t recommend trying to reinvent the wheel, especially in the security field, unless you have a pentester to analyze and test your security implementation. Finally, avoid headaches and use a framework that specializes in this and has an active community for you to ask questions.

I recommend visiting the site and analyzing the projects, in particular Spring Boot and Security.

Link to the Spring

1

At the company where I currently work, we did the security validations by hand, because that way we are not tied to any API limitation. With this, we map routines, which are linked to the client’s profile or user, and check the routines linked to their profile when the user tries to access a page. We did the routine-page mapping through the Pretty id of each page.
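
Added example, not code from either answer or from any project named on this page: a servlet filter that performs the per-page check the second answer describes for the question's profile/page model, denying anything not explicitly granted. It assumes the FacesServlet is mapped to `*.xhtml` and that the login code stores the result of `pagesFor` in the session; the names `PageAccessFilter`, `pageIds` and `/login.xhtml` are hypothetical.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Hypothetical filter: class name, session attribute and login page are assumptions.
@WebFilter("/*")
public class PageAccessFilter implements Filter {

    // Pages reachable without a session; every other page is denied unless granted.
    private static final Set<String> PUBLIC = new HashSet<>(Arrays.asList("/login.xhtml"));

    // Union of the pages of every profile linked to a person. The login code would
    // call this with data read from the profile and page tables and keep the result
    // in the session under "pageIds". Unknown profiles contribute nothing.
    static Set<String> pagesFor(Map<String, Set<String>> profilePages,
                                Collection<String> profiles) {
        Set<String> allowed = new HashSet<>();
        for (String profile : profiles) {
            allowed.addAll(profilePages.getOrDefault(profile, Collections.<String>emptySet()));
        }
        return allowed;
    }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String page = req.getServletPath(); // e.g. /admin/users.xhtml
        // Static JSF resources (CSS, JS, images) and public pages need no profile.
        if (PUBLIC.contains(page) || page.startsWith("/javax.faces.resource/")) {
            chain.doFilter(rq, rs);
            return;
        }
        HttpSession session = req.getSession(false);
        Object granted = (session == null) ? null : session.getAttribute("pageIds");
        if (granted == null) {                        // not logged in
            res.sendRedirect(req.getContextPath() + "/login.xhtml");
        } else if (!((Set<?>) granted).contains(page)) { // logged in, page not granted
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
        } else {
            chain.doFilter(rq, rs);
        }
    }

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }
}
```

Because the granted set is cached in the session, a change to a person's profiles takes effect only when that set is reloaded, for example at the next login.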
