This is the first open source release of the Security Annotation Framework
(SAF). The SAF is an instance-level access control framework driven by Java
5 security annotations.
* Primarily used to protect an application's domain objects on
instance-level.
* Promotes the separation of business logic from security logic.
* Supports the introduction of instance-level access control functionality
into existing applications without modifying existing business logic.
* Security interceptors are placed automatically according to SAF security
annotations in the source code.
* Hides Spring AOP and AspectJ details from application developers.
* Defines a clean service provider interface for integrating policy decision
providers.
* Provides an (early access) instance-level policy decision provider based
on the Java Authentication and Authorization Service (JAAS).
* Allows the integration of authorization decision providers from other
security frameworks or from existing security infratructures.
* Supports the inheritance of security annotations from interfaces and super
classes.
* Separates the internal representation of security attributes from their
external representation as Java 5 annotations. Can be extended to support
further external representations.
The SAF contains the following modules:
* SAF Core: a stable, annotation-driven, instance-level policy enforcement
framework for Spring.
* SAF JAAS: an early-access, instance-level policy decision provider that is
based on the Java Authentication and Authorization Service (JAAS).
Two sample applications demonstrate how to use these SAF modules (source
release only):
* Hello SAF: shows the basic steps to get the SAF Core module up and
running.
* Notebook: an (early access) sample application for managing and sharing
personal notebooks. It uses the the SAF Core module in combination with the
SAF JAAS module to implement inctance-level access control.
Project homepage: http://safr.sourceforge.net <http://safr.sourceforge.net/>
Cheers,
Martin
|
