SeeAuthZ is a research tool developed by the Software Engineering Group of the University of Bremen for extracting the implemented authorization policy of Java applications. We published a paper at SCAM'20 with details on the implemented algorithm and a first evaluation.
TBC
Our implementation is based on Soot, a great framework for static analysis of Java code. Furthermore, we use Vasco for the inter-procedural analysis part.
We are currently preparing a binary release of SeeAuthZ. If you are impatient, don't hesitate to send us a short email.