Arne Limburg

Bean Security is an access control framework for Java.

Developing enterprise software applications with security requirements can be a cumbersome and error-prone process. In such applications, security is often spread all over the application code. This makes it difficult to understand how things work and hard to maintain security in such code.

With model-driven development, business logic should be expressed in the objects of your domain model. When working with Java, these objects are normally Java Beans. As of now, there is no convenient way to express access control requirements through your domain model. Hence access control code is normally written into the service layer or data-access layer.

Bean Security offers a way to express access control through your domain model and additionally supplies a solution to completely separate access control logic from business logic, improving performance and maintainability. Bean Security provides an interface to define security requirements of your domain model via configuration (Annotations or XML).

It is designed to extend current security solutions like role-based security (from the Servlet specification and Java EE) and Spring Security (formerly known as Acegi-Security), but may be used on its own, too. It enables you to configure rules defining access control for your Java Beans based on the currently authenticated user and/or that user's roles in the application.