Simple Security Project

I recently started helping a friend complete a SaaS application. He was in need of basic authentication with roles and permissions. Not one to re-invent the wheel unnecessarily, I started looking at existing security frameworks – the obvious choice was Picketlink. Picketlink looks like a promising product, but after spending some time looking into it I found it too abstract and hard to set up. I was quickly able to get social media (Facebook) authentication working, but when moving to a traditional database-backed store it required a lot of mapping classes and was very abstract – far more complex than was needed for most applications.

And so SimpleSecurity was born. I took ideas for configuration and setup from Picketlink and combined that with the simple annotation-based mappings from the Seam security module to produce a functional yet extensible authorization and authentication framework, which is now being integrated into several web apps which I’m associated with.

Most applications already have a User model object. I wanted to be able to make use of the existing application's model objects for security purposes and liked the way Seam used annotations to do its bindings. To do this, all you need to do is annotate some key fields of your model as below:

The highlighted lines are all that’s required by SimpleSecurity.

Similar annotations can be added to your role and permission model objects.

With that done, you can now interact with SimpleSecurity through the Identity and IdentityManager objects, which can simply be injected into your classes.

More details and documentation on using and bootstrapping Simple Security will be available here when I get a moment to document it.

Look out for further posts with more details about specific aspects of this project.
