Spring Security as a service?

is it possible to use Access-Co开发者_开发问答ntrol (Authorization) in Spring Security through a web services ? or move all the authorization tasks outside the webapp that needs to be authorized,

For instance an app asks if a restful service can be or cannot be called from a certain user..

---

I am not sure, if I understand your question correctly. If you mean to retreive a user's authorities from a web service, this can of course be done. The best way to achieve it depends on the way authentication is done in your application.

E.g. if you authenticate users against LDAP, you need to implement an LDAPAuthoritiesPopulator. There you handle the loading of the authorities.

You can also write your custom UserDetailsService, in which you can programmatically do authentication and authorization against almost any service (DB, LDAP, web service...).

If you meant to secure your web services, this might be a good start.

---

I am actually switching away from Spring due to the existence of such a project in the jboss community called Keycloak

I have implemented OAuth2 security in spring. I am also able to allow users to register and sign in with third party providers like Facebook and Google. However, the complexity added to my application and the maintenance headaches are proving too much. I am switching to JBoss because Keycloak just works and fits much better with the decoupled architecture I am making.