OACC 2.0 Java Application Security Framework released as open source
OACC (pronounced Oak) is a powerful, new Java Application Security Framework (http://oaccframework.org). The almost revolutionary difference with OACC is a security model that provides an abstraction for the application objects being secured. As a result of this abstraction, the application does not need database tables and code to manage security relationships, or to provide custom implementations of various framework interfaces. Consider the security relationship:
grant (JohnDoe) permissions (READ,WRITE) on (Sales2014.xls)
OACC provides API calls to manage security relationships like the one above; most current security frameworks for Java do not. This forces an application developer to implement a means to store and manage the security relationships. The main reason for this shortcoming in most security frameworks is the lack of an abstraction, in their security models, for the application resources being secured.
In OACC, the concept of a resource represents an application object being secured. This abstraction enables OACC to store and manage all security relationships. Since OACC manages the security relationships, it is able to provide API calls to grant and revoke permissions (at different levels of granularity). The application only needs to store an association between an application object and the corresponding OACC resource. This is typically done by adding a resource id attribute to the application object.
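The resource abstraction described above, sketched as an added example that is not part of the original article and does not use OACC's API: every class and method name here (Resource, Spreadsheet, GrantStore, grant, revoke, has) is hypothetical, an in-memory map stands in for the framework's database tables, and the code assumes Java 16 or later for records.

```java
import java.util.*;

// Illustrative in-memory model of the resource abstraction; NOT the OACC API.
public class ResourceModelDemo {
    // Opaque handle the security layer issues for every accessor or secured object.
    record Resource(long id) {}

    // Application object: the only security state it carries is the resource id.
    record Spreadsheet(String fileName, long resourceId) {}

    // Hypothetical store standing in for the framework's relational tables.
    static class GrantStore {
        private long nextId = 1;
        // Key: (accessor resource id, accessed resource id) -> granted permission names.
        private final Map<List<Long>, Set<String>> grants = new HashMap<>();

        Resource createResource() { return new Resource(nextId++); }

        void grant(Resource accessor, Resource accessed, String... perms) {
            grants.computeIfAbsent(List.of(accessor.id(), accessed.id()),
                                   k -> new HashSet<>())
                  .addAll(Arrays.asList(perms));
        }

        void revoke(Resource accessor, Resource accessed, String... perms) {
            Set<String> held = grants.get(List.of(accessor.id(), accessed.id()));
            if (held != null) held.removeAll(Arrays.asList(perms));
        }

        // Default deny: no stored relationship means no access.
        boolean has(Resource accessor, Resource accessed, String perm) {
            return grants.getOrDefault(List.of(accessor.id(), accessed.id()), Set.of())
                         .contains(perm);
        }
    }

    public static void main(String[] args) {
        GrantStore store = new GrantStore();
        Resource johnDoe = store.createResource();
        // The application persists only the resource id alongside its own object.
        Spreadsheet sales = new Spreadsheet("Sales2014.xls", store.createResource().id());
        Resource salesRes = new Resource(sales.resourceId());

        // grant (JohnDoe) permissions (READ,WRITE) on (Sales2014.xls)
        store.grant(johnDoe, salesRes, "READ", "WRITE");
        System.out.println("WRITE after grant:  " + store.has(johnDoe, salesRes, "WRITE"));
        store.revoke(johnDoe, salesRes, "WRITE");
        System.out.println("WRITE after revoke: " + store.has(johnDoe, salesRes, "WRITE"));
        System.out.println("READ after revoke:  " + store.has(johnDoe, salesRes, "READ"));
    }
}
```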
OACC stores all security relationships in relational database tables. OACC currently supports the following databases:
IBM DB2 10.5
Microsoft SQL Server 12.0 (2014)
Oracle 11g R2
PostgreSQL 9.3
OACC is compatible with JDK 1.7 (Java 7) and above. OACC is open source software released under the commercially friendly Apache License 2.0.
The project website for OACC is at: http://oaccframework.org