Gabriel is a security framework to restrict actions of users.
Think about EJB security but without EJB.
Gabriel is a security framework for Java. By using access control lists and permissions, Gabriel enables components to check access to actions. On top of that Gabriel protects methods like EJB does but without the overhead. It distinguishes itself from other frameworks by the ease of use with a small API and by mapping method access to permissions instead of persons. This way the same permissions can be used to protect method access and to check which GUI elements to show based on user permissions.
The Security Annotation Framework (SAF) is an instance-level access control framework driven by Java 5 annotations. It can be easily integrated into Spring applications which primarily use the SAF to control access to their domain object instances. SAF security annotations define locations in the source code where the SAF shall perform permission checks at runtime. An annotation-driven approach to instance-level access control promotes the separation of an application’s security logic from its business logic. This significantly increases the testability and reusability of application components. It further allows the implementation of instance-level access control features into existing applications without modifying existing business logic.
The PermissionSniffer is designed to help developers determine the minimum set of permissions that their application requires in order to run.
The PermissionSniffer is still under development. Comments, feedback, contributions, etc. are greatly appreciated.
Jasypt 1.3 will be released mid-May 2007, featuring changes in the provider API which will allow the use of non-default JCE providers like Bouncy Castle. With this, any PBE or digest algorithm you can get from any JCE provider will be available for you to use with Jasypt. Stay tuned for the new release at the jasypt-announce mailing list.
hakin9 is bimonthly magazine about hacking and IT security, covering techniques of breaking into computer systems, defence and protection methods. Our magazine is useful for all those interested in hacking - both professionals (system administrators, security specialists) and hobbyists. The magazine is published in other countries and language versions:
The Security Officers Management and Analysis Project (SOMAP.org) is all about Open Source Information Security Risk Management. It is our belief that risk management processes and best practices need to be offered in an open kind. Only freely available risk management informations can potentially lead to a better security management and further development of the whole risk management field.
CAS provides enterprise single sign on service: CAS Downloads * An open and well-documented protocol * An open-source Java server component * A library of clients for Java, .Net, PHP, Perl, Apache, uPortal, and others * Integrates with uPortal, BlueSocket