Reposita Gabriel

License: Apache 2.0
Status: Beta
Dependencies: Java 1.5, works without any third party jars.
Contact: stephan@codehaus.org

Gabriel is a security framework for Java that restricts the actions of users. It is suited for use with IoC containers, especially Google Guice: think EJB security, but without EJB. Using access control lists and permissions, Gabriel lets components check access to actions. On top of that, Gabriel protects methods the way EJB does, but without the overhead. It distinguishes itself from other frameworks by its ease of use, with a small API, and by mapping method access to permissions instead of persons. This way the same permissions can be used both to protect method access and to decide which GUI elements to show based on the user's permissions.

Example with Google Guice:

First we create our user, called a subject in Gabriel. Subjects can have several principals (roles); our user ("We") doesn't get any principals. The principal is stored as a thread local object.

    Subject subject = new Subject("We");
    Set principals = new HashSet();
    subject.setPrincipals(principals);
    Subject.set(subject);

    // First we setup some components which manage access
    // checking for us. We use versions that use files
    // to store mappings
    // access.acl contains:
    // ExampleUser { SET_NAME }
    AclStore aclStore = new FileAclStore();

    // The AccessManager can check permissions
    AccessManager manager = new AccessManagerImpl(aclStore);

After setting up the infrastructure we can now check permissions on methods.

    // The MethodAccessManager maps permissions to methods
    // or uses annotations
    MethodAccessManager methodAccessManager =
        new AnnotationMethodAccessManager(manager);

And get our objects wrapped up by Guice.

    Injector injector = Guice.createInjector(
        new SecureModule(methodAccessManager)
    );

    // We create an object which has protected methods
    SecureObject object = injector.getInstance(SecureObject.class);

    System.out.print("We try to call setName() on \"" + object.getName());
    try {
        object.setName(" ..Changed, should not happen!");
    } catch (SecurityException e) {
        System.out.println(" ..denied.");
    }

The SecureObject is annotated to declare the permissions that are needed to call the method. Besides annotations, Gabriel supports storing method-to-permission mappings in a store.

    public interface SecureObject {
        @NeedsPermission("SET_NAME")
        public void setName(String name);
    }
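
The walkthrough above relies on checking a method's required permission against the caller's principals before the call goes through. The following added example (not Gabriel's code and not from the original page) shows that mechanism with a plain JDK dynamic proxy, assuming Java 8 or later. `Requires`, `Account`, `AccountImpl`, `ACL` and `PRINCIPALS` are hypothetical names; no Gabriel classes are used.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.util.*;
// Added illustration built on the JDK only; none of these types are Gabriel classes.
public class PermissionProxyDemo {
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface Requires { String value(); }   // hypothetical stand-in for @NeedsPermission
    interface Account {                       // hypothetical protected component
        String getName();
        @Requires("SET_NAME") void setName(String name);
    }
    static class AccountImpl implements Account {
        private String name = "initial";
        public String getName() { return name; }
        public void setName(String name) { this.name = name; }
    }

    // Constructed ACL in the shape of the page's access.acl line: principal -> permissions.
    static final Map<String, Set<String>> ACL = new HashMap<>();
    static { ACL.put("ExampleUser", new HashSet<>(Arrays.asList("SET_NAME"))); }
    // Principals of the caller on this thread; empty until set, so the default is deny.
    static final ThreadLocal<Set<String>> PRINCIPALS = ThreadLocal.withInitial(Collections::emptySet);

    // The same check serves method protection and "should this GUI control be shown?".
    static boolean hasPermission(String permission) {
        return PRINCIPALS.get().stream()
            .anyMatch(p -> ACL.getOrDefault(p, Collections.emptySet()).contains(permission));
    }

    // Wraps target so every call to an annotated interface method is checked first.
    static <T> T secure(T target, Class<T> iface) {
        InvocationHandler handler = (proxy, method, args) -> {
            Requires needed = method.getAnnotation(Requires.class);
            if (needed != null && !hasPermission(needed.value()))
                throw new SecurityException("missing permission " + needed.value());
            try { return method.invoke(target, args); }
            catch (InvocationTargetException e) { throw e.getCause(); }
        };
        return iface.cast(Proxy.newProxyInstance(iface.getClassLoader(), new Class<?>[] {iface}, handler));
    }

    public static void main(String[] argv) {
        Account account = secure(new AccountImpl(), Account.class);
        try { account.setName("changed"); }   // no principals on this thread yet
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
        PRINCIPALS.set(Collections.singleton("ExampleUser"));
        account.setName("changed");
        System.out.println(account.getName() + ", show rename control: " + hasPermission("SET_NAME"));
    }
}
```

Only calls that go through the proxy are checked; code holding a direct reference to `AccountImpl` bypasses the permission check, so the unwrapped object should not be handed out.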

Example:

> ant example

runs the example.

Downloads

None yet. Older versions of Gabriel are archived here.

Subversion

> svn co http://svn.reposita.org/svn/gabriel/trunk/

Hope that helps.
(c) 2007 Reposita