N-tier applications can be challenging from a security perspective. Security policies impact the user interface as well as the business layer and even the data layer. Users should only be presented with relevant UIs and widgets based on their permissions. At the same time, the underlying business objects should also be protected. Externalizing authorization lets architects and developers move security policies out of the code into a common layer or authorization service. With the rise of the eXtensible Access Control Markup Language (XACML), a policy-based, multi-factor authorization language, it has become easy to define and apply rich authorization policies. Still, how do you efficiently ensure that one single policy can be applied across all your M-V-C layers?
In this webinar we will discuss:
- An end-to-end scenario
- Policies and enforcement strategies for UIs
- Business objects
- The data tier.
We will also explain how you apply XACML-driven authorization via:
- Java annotations and aspect-oriented programming
- SQL filtering
- Checks on the presentation tier.