Overview

Flexess > Overview

Almost every application requires some protection from unauthorized disclosure. Clients of a bank must only perform operations with their accounts; some movies should be inaccessible for people under eighteen; managers may only increase the salaries of employees in their department. All these activities require checking if the user is authorized to perform this operation.

Although the problem of access management is a key factor in the development of enterprise applications, even experienced architects leave the process of designing access rules until the last step. One problem is that it is often not clear how to separate access and business logic rules. Another problem is that each application level (database, business logic, and web-tier) has its own access management model defined in its own terms. For example, the web-tier protects resources (URLs), business logic requires protection for Java objects and the database defines permissions for tables and columns. All these circumstances make it difficult to create a consistent access control model for the whole application.

Flexess is our solution to this problem.

Flexess automates most of the tasks related to the development of access management features. It provides the possibility of defining under which conditions the objects are accessed and offers a uniform way to model access rules for all types of objects, such as resources, attributes, and database tables. It also includes a ready-to-use application with a user-friendly web interface that allows an administrator to manage security aspects, for example, create new roles or assign the roles to users.

Flexess is comprised of the following modules:

Flexess Security Modeler is used for creating security models.
Flexess Engine provide services over access data.
Flexess Admin is a web-based administration client.
Flexess Client is deployed as part of the business application.

The following diagram depicts the relationship of Flexess modules to business applications: