I want to manage users for N number of clients across 3 different products with different levels of accessibility. I am not so interested in creating an application from scratch, as it will divert me from my core objective. Also, I will be happy if any nominal user interface is provided so that I can give its hosted end to the client for user management.
I ended up trying Apache Syncope but did not succeed. Here's what I wanted to do there.
- Client 1 will be a Domain
- Users uc1 and uc2 created on the Root (/) realm
- Products p1 and p2 created as child realms /p1 and /p2
- Groups ug1p1 and ug2p1 created under the p1 realm
Now, I wanted to add uc1 and uc2 to ug1p1 and only uc1 to ug2p1. In this way the same user could be shared across different realms (i.e. products) and be assigned a different level of accessibility in each one separately. I failed in this approach.
If this is achieved, I was planning to provide user accessibility on a group basis. Let me know if my approach is not the recommended way.
If it is, can Apache Syncope satisfy this requirement? Otherwise, please suggest another tool. One that is easy to integrate with a Java web application is preferable.
You want a multitenant RBAC. Apache Shiro is the right library you can use. It also works well with Spring. You will need to implement your own realm if the existing realms do not meet your requirement; it will be one class, though. You will also need to figure out how to integrate it with your web application. The INI-based approach is pretty easy to use; however, I preferred the Spring Application Context based approach, and that works too.
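
A sketch of the "one class" custom realm the answer refers to, added here as an illustration and not taken from the answer or from Shiro's own code. The class name `TenantProductRealm`, the `tenant/user` principal format, the `product:resource:actions` permission scheme and the in-memory sample data are assumptions; it needs Apache Shiro on the classpath and Java 9+.

```java
import java.util.Map;
import java.util.Set;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.PasswordMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

// Hypothetical realm: the principal is "tenant/user", groups are scoped per product.
public class TenantProductRealm extends AuthorizingRealm {
    // Constructed sample data mirroring the question; a real realm queries a user store.
    private static final Map<String, Set<String>> MEMBERSHIPS = Map.of(
        "client1/uc1", Set.of("p1:ug1p1", "p1:ug2p1"),
        "client1/uc2", Set.of("p1:ug1p1"));
    // Group -> Shiro wildcard permissions, written as product:resource:actions (assumed scheme).
    private static final Map<String, Set<String>> GROUP_PERMISSIONS = Map.of(
        "p1:ug1p1", Set.of("p1:report:read"),
        "p1:ug2p1", Set.of("p1:report:read,write", "p1:user:manage"));

    private final Map<String, String> passwordHashes; // "tenant/user" -> PasswordService hash

    public TenantProductRealm(Map<String, String> passwordHashes) {
        this.passwordHashes = Map.copyOf(passwordHashes);
        setCredentialsMatcher(new PasswordMatcher()); // compares against stored hashes only
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String principal = ((UsernamePasswordToken) token).getUsername();
        String hash = principal == null ? null : passwordHashes.get(principal);
        if (hash == null) {
            throw new UnknownAccountException("unknown account");
        }
        return new SimpleAuthenticationInfo(principal, hash, getName());
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String principal = (String) principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        for (String group : MEMBERSHIPS.getOrDefault(principal, Set.of())) {
            info.addRole(group);
            info.addStringPermissions(GROUP_PERMISSIONS.getOrDefault(group, Set.of()));
        }
        return info;
    }
}
```

With this realm registered, `SecurityUtils.getSubject().isPermitted("p1:user:manage")` is true after `client1/uc1` logs in and false for `client1/uc2`, and an account with the same user name under another tenant prefix shares none of these grants.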