The latest release candidate of the open source OACC Java™ Application Security Framework (OACC v2.0.0-rc.4) is available at oaccframework.org and now supports several new databases. The complete list of supported databases is:
IBM DB2 10.5
Microsoft SQL Server 12.0 (2014)
MySQL 5.6 / MariaDB 10.0
Oracle 11g R2
Prior to this release, OACC made use of certain database features (such as recursive CTEs and sequence generators) that aren't supported in all database systems. Now OACC supports auto-incrementing identity columns and non-recursive querying, which enables persisting the security relationships in many more RDBMS implementations.
Summary of changes for this release candidate:
adds implementation strategies to handle databases that do not support recursive queries or sequence generators
adds SQL dialect support for MySQL/MariaDB, HSQLDB, and SQLite
The full release notes are available at http://oaccframework.org/downloads.html.
What is OACC?
OACC is a permission-based application security framework for Java™ that provides authentication and authorization services.
It supports hierarchical security domains, super users, permission inheritance and impersonation. OACC is more powerful than ACL with groups, allows modeling of hierarchical symmetric RBAC and has no container dependencies.
In a nutshell, OACC allows your application to enforce security by answering the question:
Is entity ‘A’ allowed to perform action ‘p’ on entity ‘B’?
The key design goals of OACC are:
simplify the maintenance of complex, real world security topologies
allow both fine and coarse grained access control
support logical security domains for use in multi-tenant application architectures
facilitate flexible permission delegation control
programmatically and dynamically manage permissions
OACC is open source software released under the commercial friendly Apache License, Version 2.0.
More information about OACC, including the latest Javadocs, releases, and tutorials, is available at oaccframework.org.