Is there any Design Pattern for RBAC (Role Based Access Control)?

 
Ganesh Kannusamy
Hi Guys,
Is there any design pattern for implementing RBAC (Role Based Access Control) in Java? If you know, please post the details.


Thanks,
Ganesh.K
 
Stan James
Grady Booch has a Catalog of zillions of patterns. I see one near the top about Access Control Requirements and one called Role Based Access Control. His entries are very brief, but might point you to other resources.

A design I've used many times is:

* A user "belongs to" or "has" one or more roles
* A role "can access" one or more resources
* A resource represents something that one user can do that another cannot.

It's easy to implement an API like isAuthorized( user, resource )

The relationship between role & resource is many-to-many. In a database and maybe in a Java model you can model this with an entity in between them. That entity can have a list of access rules, e.g. create, read, update, delete, execute or whatever you need to secure.

Now you need isAuthorized( user, resource, action )

Any of that sound useful?
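
The user/role/resource design described in the post above, as an added Java example that is not part of the original thread. The class, record and method names other than `isAuthorized` are assumptions chosen for illustration, and the users, roles and resources in `main` are constructed sample data.

```java
import java.util.*;

public class RbacExample {
    enum Action { CREATE, READ, UPDATE, DELETE, EXECUTE }

    // The entity "in between" role and resource; it keys the list of allowed actions.
    // Hypothetical name; records need Java 16 or later.
    record Grant(String role, String resource) {}

    private final Map<String, Set<String>> userRoles = new HashMap<>();
    private final Map<Grant, EnumSet<Action>> grants = new HashMap<>();

    // A user "has" one or more roles.
    void assignRole(String user, String role) {
        userRoles.computeIfAbsent(user, u -> new HashSet<>()).add(role);
    }

    // A role "can access" a resource with the listed actions.
    void allow(String role, String resource, Action... actions) {
        grants.computeIfAbsent(new Grant(role, resource), g -> EnumSet.noneOf(Action.class))
              .addAll(Arrays.asList(actions));
    }

    // Deny by default: an unknown user, a role with no grant on the resource,
    // or a grant that lacks the requested action all yield false.
    boolean isAuthorized(String user, String resource, Action action) {
        for (String role : userRoles.getOrDefault(user, Set.of())) {
            Set<Action> allowed = grants.get(new Grant(role, resource));
            if (allowed != null && allowed.contains(action)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        RbacExample rbac = new RbacExample();
        // Constructed sample data.
        rbac.assignRole("alice", "editor");
        rbac.assignRole("bob", "viewer");
        rbac.allow("editor", "report", Action.READ, Action.UPDATE);
        rbac.allow("viewer", "report", Action.READ);

        System.out.println("alice UPDATE report: " + rbac.isAuthorized("alice", "report", Action.UPDATE));
        System.out.println("bob UPDATE report:   " + rbac.isAuthorized("bob", "report", Action.UPDATE));
        System.out.println("bob READ report:     " + rbac.isAuthorized("bob", "report", Action.READ));
        System.out.println("carol READ report:   " + rbac.isAuthorized("carol", "report", Action.READ));
    }
}
```

Keeping every authorization decision behind the single `isAuthorized` call means a missing mapping fails closed instead of depending on each caller to check roles itself.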