Are there alternatives to using Spring Security's ACL implementation/interfaces to secure REST resou

I am very surprised to not easily find a bunch of implementations for securing objects. I was expecting to be able to find a mechanism to secure resources returned by web services as easily as securing files and folders in a file system. The *only* "off the shelf" solution I have found so far is [Spring Security's Domain Object Security (ACLs) module][1].

Question
---------

**What is the best way to implement permissions by ACL in web services?**

* Are there alternatives to using Spring Security's ACL implementation/interfaces?
* Has anyone implemented this kind of security permission on web services in Thomson Reuters?
* If so, who may I contact, is it reusable and what technology is it built on?

[1]: http://docs.spring.io/spring-security/site/docs/3.2.2.RELEASE/reference/htmlsingle/#domain-acls

Answers

  • Depending on what type of data you are protecting, you might be able to find what you are looking for here, or at least find some contacts for additional information: "The REST API Authentication and Authorization standard for Core Platform Services is OAuth2 using Bearer Token for APIs supplying Public and Confidential Data. Bearer token represents a balance between security and usability, but is not suitable for Strictly Confidential data."
    https://thehub.thomsonreuters.com/docs/DOC-620218
    This is implemented using Apache CXF: http://cxf.apache.org/docs/jax-rs-oauth2.html
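The question asks for an alternative to the full Spring Security ACL module. One lighter option that still works with Spring Security 3.2's `hasPermission(...)` expressions is a custom `PermissionEvaluator`. The class below is an added example, written for this page; it is not the asker's or answerer's code and not a Thomson Reuters implementation. It keeps entries in memory (a real deployment would load them from a database), assumes a hypothetical `AclResource` interface for domain objects, and uses constructed sample data (folder 10 containing document 42) in `main`. The folder-to-document inheritance, first-matching-entry-wins evaluation and deny-by-default fallback mirror the file-system model the question describes; the `org.springframework.security` classes used here are real.

```java
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/** Added example: an in-memory, hierarchical ACL plugged into Spring Security's hasPermission(). */
public class ResourceAclEvaluator implements PermissionEvaluator {

    /** Hypothetical marker interface for domain objects that know their own ACL identity. */
    public interface AclResource {
        String aclType();
        Serializable aclId();
    }

    /** One access-control entry: who (user name or ROLE_ authority), which permission, grant or deny. */
    static final class Ace {
        final String sid;
        final String permission;
        final boolean granting;
        Ace(String sid, String permission, boolean granting) {
            this.sid = sid;
            this.permission = permission;
            this.granting = granting;
        }
    }

    // Entries keyed by "type:id"; a database-backed store would replace these maps in practice.
    private final Map<String, List<Ace>> entries = new HashMap<>();
    // Parent links give folder-like inheritance: a document without its own entry falls back to its folder's.
    private final Map<String, String> parentOf = new HashMap<>();

    static String key(String type, Serializable id) {
        return type + ":" + id;
    }

    public void addEntry(String type, Serializable id, String sid, String permission, boolean granting) {
        entries.computeIfAbsent(key(type, id), k -> new ArrayList<>())
               .add(new Ace(sid, permission.toUpperCase(Locale.ROOT), granting));
    }

    public void setParent(String childType, Serializable childId, String parentType, Serializable parentId) {
        parentOf.put(key(childType, childId), key(parentType, parentId));
    }

    @Override
    public boolean hasPermission(Authentication auth, Object target, Object permission) {
        if (target instanceof AclResource) {
            AclResource r = (AclResource) target;
            return hasPermission(auth, r.aclId(), r.aclType(), permission);
        }
        return false; // unknown object types are denied rather than silently allowed
    }

    @Override
    public boolean hasPermission(Authentication auth, Serializable targetId, String targetType, Object permission) {
        if (auth == null || !auth.isAuthenticated() || permission == null) {
            return false;
        }
        Set<String> sids = sidsOf(auth);
        String wanted = permission.toString().toUpperCase(Locale.ROOT);
        String current = key(targetType, targetId);
        Set<String> visited = new HashSet<>();
        // Walk from the resource up through its parents; the nearest matching entry decides.
        while (current != null && visited.add(current)) { // visited guards against a cyclic parent chain
            for (Ace ace : entries.getOrDefault(current, Collections.<Ace>emptyList())) {
                if (sids.contains(ace.sid) && ace.permission.equals(wanted)) {
                    return ace.granting; // an explicit deny on a child overrides a grant on its parent
                }
            }
            current = parentOf.get(current);
        }
        return false; // no matching entry anywhere in the chain: deny by default
    }

    /** The identities an authentication can match on: its user name plus every granted authority. */
    private static Set<String> sidsOf(Authentication auth) {
        Set<String> sids = new HashSet<>();
        sids.add(auth.getName());
        for (GrantedAuthority ga : auth.getAuthorities()) {
            sids.add(ga.getAuthority());
        }
        return sids;
    }

    public static void main(String[] args) {
        ResourceAclEvaluator acl = new ResourceAclEvaluator();
        // Constructed sample data: folder 10 contains document 42; editors may read and write the folder,
        // but bob is explicitly denied WRITE on the document itself.
        acl.setParent("Document", 42L, "Folder", 10L);
        acl.addEntry("Folder", 10L, "ROLE_EDITOR", "READ", true);
        acl.addEntry("Folder", 10L, "ROLE_EDITOR", "WRITE", true);
        acl.addEntry("Document", 42L, "bob", "WRITE", false);

        Authentication bob = new UsernamePasswordAuthenticationToken("bob", "n/a",
                Arrays.asList(new SimpleGrantedAuthority("ROLE_EDITOR")));
        Authentication mallory = new UsernamePasswordAuthenticationToken("mallory", "n/a",
                Collections.<GrantedAuthority>emptyList());

        System.out.println("bob READ Document 42: " + acl.hasPermission(bob, 42L, "Document", "READ"));
        System.out.println("bob WRITE Document 42: " + acl.hasPermission(bob, 42L, "Document", "WRITE"));
        System.out.println("mallory READ Document 42: " + acl.hasPermission(mallory, 42L, "Document", "READ"));
    }
}
```

To use it from a REST layer, register the evaluator on a `DefaultMethodSecurityExpressionHandler` (via `setPermissionEvaluator`, either in the XML `<expression-handler>` bean or by overriding `createExpressionHandler()` in a `GlobalMethodSecurityConfiguration` subclass) and annotate the service or controller method, e.g. `@PreAuthorize("hasPermission(#id, 'Document', 'READ')")`. Two caveats a reviewer would raise: the entry order within one resource matters (first match wins, as in Spring's own `AclImpl`), so keep explicit denies ahead of grants when loading from storage; and a resource with no entries and no parent is simply denied, which is the safe default but means newly created objects need an owner entry written in the same transaction that creates them.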