2 Replies Latest reply on Dec 5, 2009 6:20 PM by cfranky

    security module for seam applications (CincoSecurity)

    cfranky

      We announce the open source CincoSecurity Module, which offers great flexibility to protect EJB3 methods and JSF page elements in Java EE 5 - Seam applications. The innovation of this security model is to associate a role with each EJB method (fine role), which makes it possible to define the concept of a security profile as a set of roles.


      You can download this module from http://sourceforge.net/projects/cincosecurity/


      The CincoSecurity module offers several use cases. The use case for management of security profiles shows, for each module of the application, its use cases and, for each use case, its services. Each service corresponds to a method of the session EJB that supports the use case, and there is a role associated with each of these methods. A new security profile is defined by selecting the allowed roles of the new profile. The use case for management of users allows registering a new user in one or several security profiles.


      Any Seam application can benefit from incorporating this CincoSecurity module. The application obtains the roles associated with the current authenticated user (roles derived from the user profiles) and loads only the allowed menu options (those associated with the allowed use cases for the authenticated user). Also, the application will have the use cases for managing security profiles and users, and CRUDs for registering modules, use cases and services. In this way, the application may continue to protect the elements of new use cases of new modules.


      You can download the CincoSecurity module and observe it running as a Seam application. After that you can incorporate this security module into your own Seam application and, if you want, you could extend the security use cases (for example, incorporating more comprehensive policies for managing passwords).


      The CincoSecurity module was built initially using Seam generator, JSF with Richfaces, JBoss Seam, and EJB 3, and it is ready to be deployed on the JBoss AS (and it could be deployed in other Java EE 5 application servers).

        • 1. Re: security module for seam applications (CincoSecurity)
          nickarls

          Most of the folks here are probably most familiar with the Seam security module, care to summarize the differences so that we can make a quick assessment without digging through the docs?

          • 2. Re: security module for seam applications (CincoSecurity)
            cfranky
            The innovation of the CincoSecurity module is to associate a role with each EJB method (fine role), which makes it possible to define the concept of a security profile as a set of roles.

            The concept of security profile is not supported directly by the Application Server nor by the Seam security model but it is very useful. The CincoSecurity module offers a use case for management of security profiles.

            The CincoSecurity_Module.pdf document in http://sourceforge.net/projects/cincosecurity/ has several photos that illustrate the use cases of this module.
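
The model described in this thread (one fine role per session-bean method, a security profile as a set of those roles, a user's roles derived from their profiles, and menu options limited to allowed use cases), sketched as an added plain-Java example. It is not CincoSecurity's code or API; every class, method, role and profile name below is hypothetical and the sample data is constructed.

```java
import java.util.*;

// Added illustration only: names are hypothetical, not CincoSecurity's API.
public class ProfileModel {
    // One service = one session-bean method, guarded by its own fine role.
    record Service(String useCase, String method, String role) {}

    // Constructed sample catalogue of use cases and their services.
    static final List<Service> SERVICES = List.of(
        new Service("ManageUsers", "createUser", "USERS_CREATE"),
        new Service("ManageUsers", "deleteUser", "USERS_DELETE"),
        new Service("ManageProfiles", "saveProfile", "PROFILES_SAVE"),
        new Service("Reports", "viewReport", "REPORTS_VIEW"));

    // A security profile is a named set of fine roles.
    static final Map<String, Set<String>> PROFILES = Map.of(
        "HelpDesk", Set.of("USERS_CREATE", "REPORTS_VIEW"),
        "Auditor", Set.of("REPORTS_VIEW"));

    // Effective roles are the union over the user's profiles.
    // An unknown profile name grants nothing.
    static Set<String> rolesFor(Collection<String> userProfiles) {
        Set<String> roles = new TreeSet<>();
        for (String p : userProfiles) roles.addAll(PROFILES.getOrDefault(p, Set.of()));
        return roles;
    }

    // Deny by default: a method with no registered service is never callable.
    static boolean mayInvoke(Set<String> roles, String useCase, String method) {
        return SERVICES.stream().anyMatch(s -> s.useCase().equals(useCase)
            && s.method().equals(method) && roles.contains(s.role()));
    }

    // The menu lists only use cases with at least one allowed service.
    static Set<String> menuFor(Set<String> roles) {
        Set<String> menu = new TreeSet<>();
        for (Service s : SERVICES) if (roles.contains(s.role())) menu.add(s.useCase());
        return menu;
    }

    public static void main(String[] args) {
        Set<String> roles = rolesFor(List.of("HelpDesk", "Auditor"));
        System.out.println("roles: " + roles);
        System.out.println("menu:  " + menuFor(roles));
        System.out.println("createUser allowed: " + mayInvoke(roles, "ManageUsers", "createUser"));
        System.out.println("deleteUser allowed: " + mayInvoke(roles, "ManageUsers", "deleteUser"));
    }
}
```

Note that hiding a menu entry is presentation only; the per-method check is what enforces access, which is why `mayInvoke` is evaluated independently of `menuFor`.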