Agreed API
- @Secured
- @SecurityBindingType
- AccessDecisionVoter
- SecurityStrategy
API under discussion
Part 1
Feature | Comments | Objections | Discussion finished |
---|---|---|---|
Login via Username/Password | | | |
Logout | | | |
Authentication API and SPI | Credentials vs Credential (one of them needs a better name) | | |
Duration of a valid authentication | ExpirationEvaluator SPI | | |
Basic User/Identity API | | | |
Part 2
Feature | Comments | Objections | Discussion finished |
---|---|---|---|
Object level permission | | | |
Basic Roles and groups API | optional type-safe (-> static) groups (and roles) | | |
@SecurityMethodBinding | | | |
Super-users | | | |
User/Identity management | | | |
Group management | optional support for type-safe groups/group-types | | |
Part 3
Feature | Comments | Objections | Discussion finished |
---|---|---|---|
Support for deputies (see Impersonalization) | | | |
Privileges concept | | | |
Grant or revoke permissions | | | |
UI SPI (Component based authorization) | add optional type-safe authorization; integration with JSF | | |
Permissions of resources | Merge with CODI view-configs,... | | |
Persistence SPI | integration with JPA | | |
Identity Store SPI | | | |
Query API | | | |
Application roles | | | |
Part 4
Feature | Comments | Objections | Discussion finished |
---|---|---|---|
Support of alternative authentication concepts | Extend the Authentication SPI | | |
Integration with authentication concepts of (application-) servers | Extend the Authentication SPI | | |
Personalization | | | |
Alternatives for roles/groups | | | |
Permission for external applications | | | |
Use-cases
Authentication
Scenario
...