Enterprise applications that handle sensitive data need to provide security to protect this data. Typical security systems for an enterprise application provide security through user authentication and authorization. The authentication process identifies the user and confirms that the user logging into a system is associated with a particular account. User authorization relates to permissions associated with a particular account and specifies what a logged in user can do.
Most security systems implement authentication and authorization from within the application itself. Code implementing the authorization engine is usually hard-coded into the application. As the sophistication of the security and the amount of data secured has increased, the code within an application required to implement security has increased. These large code requirements use valuable memory and processing resources for applications and can affect performance of the application.