We are searching for a solution/advise to implement security into an existing Swing application (which connects to a Tomcat-server using Spring Remoting). We would very much like to use Acegi Security, but have some concerns about whether it would be an appropriate solution to fit the needs.
Consider following (simplified) case: A user using the Swing application has not got the rights to use every functionality of the application. Depending on the roles or access rights of the user certain buttons in the GUI need to be disabled/enabled or hidden/unhidden. Another requirement is that users of the application should be able to view a list of data from a table, but only the data they are allowed to view, also depending on the role of the user.
With our current (basic) understanding of Acegi Security we think it could be used to prevent the user from executing certain functionalities of the application, but not to disable controls in an existing GUI-application (without having to rewrite the existing application all too much). Simply showing a warning or error message AFTER the user has already clicked the button is not sufficient (not very user-friendly also).
Does anyone have some advice on how to implement stuff like this ? It would be great if there is a sample Swing application using Acegi Security, but I cannot seem to find one.
The only thread I could find concerning this topic is http://forum.springframework.org/showthread.php?t=14838
But it only answers the question if Acegi Security could be used in a Swing client or not, no more details as to how it could be done.
Is Acegi Security the right tool for the job ? If so, how could/should it be used in this context ? Any help/thoughts/advice/example is greatly appreciated !!!