Simple Attribute-Based Access Control With Spring Security

Introduction Have you ever worked on software where the access rules are based not only on the user’s role but also on the specific entity that role was granted on (i.e. Scoped Roles), something like “Project Manager can add users to HIS PROJECT ONLY”, “Store Agent can access Store Information for HIS STORE ONLY”, or “Document Owner can modify HIS DOCUMENTS”?

Read full news article on Dzone