Question

I'm working on a project where I have multiple resources and multiple users. What I need to do is associate different access rights with every user, depending on the resource he wants to access.

The problem is that a simple LDAP server can't implement this kind of situation.

An idea is to use multiple LDAP servers, one for each resource, but then how could I manage them all?

Or is there another authentication process I can use in this case?


Solution

Spring Security has a special ACL module to handle such situations. The basic idea is that each domain object / resource may have a separate access control list. You need to fill this list with appropriate permissions and add corresponding checks in your code. You can have parent -> child relations between the objects to reduce the number of permissions. Check it out.
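
The per-object ACL with a parent -> child relation described in this answer, as an added example that is not part of the original answer or the Spring project's own sample code. It assumes Spring Security 6 with the ACL module, a configured `MutableAclService` bean, and method security enabled with an `AclPermissionEvaluator`; `Folder`, `Document` and `ResourcePermissionService` are hypothetical names.

```java
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.model.MutableAcl;
import org.springframework.security.acls.model.MutableAclService;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.security.acls.model.Permission;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Service
public class ResourcePermissionService {
    // Hypothetical resources; the ACL module needs a public type with getId().
    public record Folder(Long id) { public Long getId() { return id; } }
    public record Document(Long id, String content) { public Long getId() { return id; } }

    private final MutableAclService aclService;
    public ResourcePermissionService(MutableAclService aclService) { this.aclService = aclService; }

    // Grant one user one permission (e.g. BasePermission.READ) on one folder.
    @Transactional
    public void grantOnFolder(Folder folder, String username, Permission permission) {
        MutableAcl acl = loadOrCreate(new ObjectIdentityImpl(Folder.class, folder.getId()));
        acl.insertAce(acl.getEntries().size(), permission, new PrincipalSid(username), true);
        aclService.updateAcl(acl);
    }

    // Link a document to its folder so the folder's entries also apply to it.
    @Transactional
    public void inheritFromFolder(Document doc, Folder folder) {
        MutableAcl parent = loadOrCreate(new ObjectIdentityImpl(Folder.class, folder.getId()));
        MutableAcl child = loadOrCreate(new ObjectIdentityImpl(Document.class, doc.getId()));
        child.setParent(parent);
        child.setEntriesInheriting(true);
        aclService.updateAcl(child);
    }

    // Rejected unless the caller holds READ on the document, directly or via the folder.
    @PreAuthorize("hasPermission(#doc, 'READ')")
    public String read(Document doc) { return doc.content(); }

    private MutableAcl loadOrCreate(ObjectIdentity oid) {
        try {
            return (MutableAcl) aclService.readAclById(oid);
        } catch (NotFoundException e) {
            return aclService.createAcl(oid); // owner = currently authenticated user
        }
    }
}
```

The two grant methods only succeed for an authenticated caller that passes the ACL module's `AclAuthorizationStrategy` (the ACL owner or an administrative authority), so who may hand out permissions is itself access-controlled.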

OTHER TIPS

If you have logic behind the access to the resources, you may want to use a rules authorization language such as XACML. If the assignment of resources to users is arbitrary then the use of ACLs with Spring Security's ACL module is good enough.

> The problem is that a simple LDAP server can't implement this kind of situation

Mine does. You use LDAP to define the roles associated with each user, then you use web.xml to associate the resources with the roles that are required to access them, then you configure/write your login module such that it looks up the roles of each user when you log in. Container-managed security can do all that.

Licensed under: CC-BY-SA with attribution