Grails with Spring Security

1. Overview of Spring Security Integration with Grails Spring Security touts a number of authentication, authorization, instance-based, and various other features that make it so attractive to secure applications with. With this in mind, due to Grails use of Spring’s Inversion of Control Framework and MVC setup, developers sought to use Spring Security to secure […]

Expression-Based Access Control

1. Overview Today, we’ll be reviewing the differences between Expression-Based Access Control (EBAC), Role Based Access Control (RBAC), and Attribute Based Access Control (ABAC), with a deeper focus on EBAC. 2. What is Expression-Based Access Control? Simply put, Expression-Based Access Control is the use of expressions to write authorization. The phrase Expression-Based Access Control (EBAC) […]

Authorizing Resources Based On Who Created Them

A colleague of mine pointed me to an interesting question on StackOverflow and suggested it may be a good one for me to answer because of my experience with Spring. The question was, “How to authorize specific resources based on users who created those in REST, using annotations.” The gist of it is this: What […]