This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes EJB and other Java EE Technologies and the fly likes User, Group, Roles for J2ee applications Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "User, Group, Roles for J2ee applications" Watch "User, Group, Roles for J2ee applications" New topic
Author

User, Group, Roles for J2ee applications

Saritha Penumudi
Ranch Hand

Joined: Aug 18, 2003
Posts: 147
We have a common requirements as any other web application. we are thinking of using Jsp, struts, EJB for this application.
We need to hide and show certain menu options depending on the user group, role.
At the same time we need to lock certain data, menu options, modules and applications.

Example:
- When user is performing some action, then We don't want any user to log into the system. at this time we want to lock whole application.
- when user want to run certain process, the we don't want any user to add/update/delete any records. In this case we want to disable/hide all those options for other users.

There are such scenarios where we want to lock certain data, menu options, etc.,

In the current Data model for database, we have tables for menus, user, group roles. I was thinking I would check these tables, get menu options assigned for a role to which user is assigned to. I m not sure how struts would be useful in such scenario. Any sample application would be appreciated. Or any better solution for to achieve this.

In EJB, we use ejb-jar.xml to give security roles and method permissions. How application server will be able to map roles defined in the application tables with that of one's used in ejb-jar.xml.

Oracle 10g uses .xml file or LDAP for mapping. But We have user, group, roles configured in database. I am not sure how to map these with that of one's used in ejb-jar.xml.

I am not sure how this is done in Weblogic.

We are currently using Oracle 10g AS but in future might shift to weblogic.
Is there any common framework which would solve my problem.

How situations like this are handled with optimal solution?

early replys would be appreciated

Thank you in advance.
Saritha
Saritha Penumudi
Ranch Hand

Joined: Aug 18, 2003
Posts: 147
Hi,

I thought I would get a quick response for my question as my questions are very common and has to be implemented in most of the applications that automate business process.

But I am sad to see no reply even when there are so many J2ee gurus out there..

I appreciate if anyone could help me
Thank you
Saritha
somkiat puisungnoen
Ranch Hand

Joined: Jul 04, 2003
Posts: 1312
This link will help you

http://www.weblogic.com/docs45/classdocs/API_ejb.html#acls


SCJA,SCJP,SCWCD,SCBCD,SCEA I
Java Developer, Thailand
Alexandru Popescu
Ranch Hand

Joined: Jul 12, 2004
Posts: 995
Saritha ventrapragada: you are right about the large usage of this architecture.
My 2 cents thoughts: there is a big difference between the descriptive security (that defined inside the ejb-jar.xml) and special security as the one you are talking about (which I expect to be at a higher level than the descriptive - method level). You could design your custom security manager that will check the roles against the db and than inside the JSP/Servlet/whatever use this service in order to enable/disable actions.
One of the things you must keep in mind (deep) is the security credentials caching (upon their change and also upon db hits).


blog - InfoQ.com
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: User, Group, Roles for J2ee applications
 
Similar Threads
JSF access control
Database design for Role/User based access to the application..
ejb-jar.xml roles and Principals - PLEASE HELP!
Having major problems setting up a user on JNDI Security using JBoss 5
MDB: problem using group as principal name when using @RunAs annotation