Applying Fine-Grained Authorization to Java MVC Applications with XACML

N-tier applications can be challenging from a security perspective. Security policies impact the user interface as well as the business layer and even the data layer. Users should only be presented with relevant UIs and widgets based on their permissions. At the same time, the underlying business objects should also be protected. Externalizing authorization lets architects and developers move security policies out of the code into a common layer or authorization service. With the rise of the eXtensible Access Control Markup Language (XACML), a policy-based, multi-factor authorization language, it has become easy to define and apply rich authorization policies. Still, how do you efficiently ensure that one single policy can be applied across all your M-V-C layers?

The webinar covered topics such as:

  • An end-end scenario
  • Policies and enforcement strategies for UIs
  • Business objects
  • The data tier.

It also explained how you apply XACML-driven authorization via:

  • Java annotations and aspect-oriented programming
  • SQL filtering
  • Checks on the presentation tier.


Other Resources

The Convergence of Cloud, DevOps and Access Control
Security experts from industry-leading NTT DATA and Axiomatics are making a deep dive into migrating access control to the cloud. Follow the demonstration of how to set up a project for containerization using ALFA and Jenkins.
ABAC as code – Applying Modern DevOps to Policy Authoring
A DevOps approach to externalized business policy engineering can ensure modern CI/CD processes help IT adoption of access control policy authoring.
Taking an identity-centric approach to a modern security architecture
Federal agencies invest heavily in protecting data from external threat actors, but the insider threat problem requires a new approach to access control. While protecting data is paramount, that requirement must be balanced with the need to share certain information across a variety of use case scenarios within and across agencies/departments.