Default transaction authorization provider

The security service includes a default transaction authorization provider. This provider performs transaction authorization against security data stored in a relational database. The authorization data associates users and groups with the transactions for which they are authorized.

The class that implements this transaction authorization provider is com.dwl.base.security.provider.DefaultTransactionAuthorizationProvider. To use this provider, configure it in the configuration repository.

The following data model shows the table structure used for authorization.

[Figure: data model showing the table structure used for authorization]

The transaction authorization provider and the database are designed so that only authorization grants are considered. In other words, there is no explicit authorization revoke. Instead, the absence of a user or group authorization for a transaction implies that the user or group does not have access to execute the transaction. Once security is turned on, authorization data must be configured for requests to succeed in the authorization check.
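
The grant-only model described above, as an added example that is not the product's code: the schema, table names, users, groups and transaction names are hypothetical and constructed for illustration. It shows the default deny, and that without a revoke, removing access means deleting every direct and group grant.

```python
import sqlite3

# Hypothetical schema for illustration; NOT the product's actual tables.
SCHEMA = """
CREATE TABLE user_group  (user_id  TEXT, group_id TEXT);
CREATE TABLE user_grant  (user_id  TEXT, txn TEXT);
CREATE TABLE group_grant (group_id TEXT, txn TEXT);
"""

# Every path (direct or via a group) through which a user holds a grant.
GRANT_PATHS = """
SELECT 'user:' || user_id FROM user_grant
 WHERE user_id = :u AND txn = :t
UNION
SELECT 'group:' || gg.group_id
  FROM group_grant gg JOIN user_group ug ON ug.group_id = gg.group_id
 WHERE ug.user_id = :u AND gg.txn = :t
"""

def grant_paths(db, user, txn):
    """Return the sorted list of grants that authorize user for txn."""
    rows = db.execute(GRANT_PATHS, {"u": user, "t": txn}).fetchall()
    return sorted(r[0] for r in rows)

def is_authorized(db, user, txn):
    # Grant-only model: allowed only if at least one grant exists.
    # There is no deny row to consult; absence of a grant is the denial.
    return bool(grant_paths(db, user, txn))

def build_sample_db():
    """Constructed sample data: two users, two groups, two transactions."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO user_group VALUES (?, ?)",
                   [("alice", "clerks"), ("alice", "admins"), ("bob", "clerks")])
    db.executemany("INSERT INTO user_grant VALUES (?, ?)",
                   [("alice", "deleteCustomer")])
    db.executemany("INSERT INTO group_grant VALUES (?, ?)",
                   [("clerks", "addCustomer"), ("admins", "deleteCustomer")])
    return db

if __name__ == "__main__":
    db = build_sample_db()
    for user, txn in [("bob", "addCustomer"), ("bob", "deleteCustomer"),
                      ("carol", "addCustomer"), ("alice", "deleteCustomer")]:
        print(user, txn, is_authorized(db, user, txn), grant_paths(db, user, txn))
```

Listing the grant paths before removing access shows which rows must be deleted; a user who holds the same transaction through a second group stays authorized until that grant is removed as well.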