ACL vs ROLE question

**ragsta** · Jan 30th, 2007, 11:51 AM

I have a web application that implements a service frontend.
with many qury services exposed to many users.
To understand the size of the application we can suppose a number of 100 services and a number of about 8000 users.
Each user may or may not have access to one service.

I cannot understand if is better to setup a role for each service or made a single role for authenticated users and manage the authorization problem via ACL.

tanks.

**karldmoore** · Feb 26th, 2007, 01:13 PM

So you're basically asking if you should go for ACL or ROLE based security? I think it very much depends on what you are trying to do. What your requirements are. What kind of security you are trying to implement. Etc....... Personally, ROLE based is very simply, straight forward and people generally understand it. If it makes sense, I would go with that. If roles aren't a natural fit, then ACL might make more sense.

**grandfatha** · Mar 1st, 2007, 01:57 AM

Does this mean I have either Roles OR ACLs?

Because I am rewriting the security functionality for a Spring Webapp and I am collecting requirements right now to form a decision on how to implement the security features. If this is such an atomic decision, please let me know.

**karldmoore** · Mar 1st, 2007, 02:37 AM

I don't think it's an either or thing. I'm pretty sure I've read posts from people using a combination, you'd have to look into this.

**grandfatha** · Mar 1st, 2007, 02:44 AM

Thanks. From your other post I got the impression that you explicitely stated that is is either/or.

**karldmoore** · Mar 1st, 2007, 02:59 AM

Originally Posted by grandfatha

Thanks. From your other post I got the impression that you explicitely stated that is is either/or.

No I was simply trying to clarify what the actual question was

. I thought it was "should I used ACL or ROLE?". I've never tried to use both so I really don't know, I guess you'd just have to give it a go. Apologies for any confusion.

**grandfatha** · Mar 1st, 2007, 05:31 AM

Alright, that made things clear. If I remember correctly, the Contacts Sample uses both Roles and ACL. But I am not sure.

**karldmoore** · Mar 1st, 2007, 12:47 PM

Thanks for the tip. I haven't looked at this in a while but I'll check it out later!

**grandfatha** · Mar 2nd, 2007, 01:44 AM

I checked it yesterday. It uses both, the only problem is... the example only contains *.class files. I cant figure out how the magic is done

**karldmoore** · Mar 2nd, 2007, 06:37 AM

I'm guessing you should be able to check out the source from the CVS repository.

Thread: ACL vs ROLE question

Thread Tools

Display

ACL vs ROLE question

Posting Permissions