aspose file tools*
The moose likes Struts and the fly likes How to implement role based access previleges Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "How to implement role based access previleges" Watch "How to implement role based access previleges" New topic
Author

How to implement role based access previleges

sahul vetcha
Greenhorn

Joined: Aug 18, 2009
Posts: 3
Hi,

I am developing an application in struts-1.2.9. In that, when an admin login to the application, some links we need to display and when a guest user login to the application some links have to be display in the jsp page. I dont want to hard code in the jsp which links for which role. I want the links permissions will come from databse.

I created two tables
1) userinfo 2)User_role
I think I need to cretae another table with Role_permissions table which contains the records of all the usecases in my application. But I dont know the columns in the third table.

Can anybody tell me the columns in the table?
How to make the display of the links generic based on different roles?

Plese reply to this post.
Thanks in advance.



bhaskarvignesh chandra sekaran
Greenhorn

Joined: Jun 27, 2009
Posts: 17

Hello..

I am not a guy with much experience in designing a system. But i can give you some advices of what i followed in one of the applications i did.

Make the following tables

Create some user and group tables ...

1) User (id,Firstname,lastname,email...)
2) Group (id,groupname,description...)
3) UserGroup (UserID,GroupID)

Create roles and permission tables ...
4) Menu (id,name,link,isActive,isSubMenuOf) here isSubMenuOf is the id of the parent menu, its null for parent menu
5) Role (id,name,description)
6) Permissions (id,menuID,permittedRoleID)

Assign a Role to either an Individual User or a group of Users..

7) UserGroupRoles (id,isGroup,UserID,GroupID,RoleID)


Now for a particular Menu item to be displayed

1) get the permittedRoleID for the menu item from Permissions table
2) get the UserID,GroupID and check against the UserGroupRoles table for the matching RoleID
3) If rows returned , then he has the permission to that link, else no

Let me know if you find anything better in the future.

Thanks
Vignesh


SCJP, SCWCD,preparing for SCDJWS
View my facebook profile
http://www.facebook.com/bhaskarvignesh
Joe Ess
Bartender

Joined: Oct 29, 2001
Posts: 8971
    
    9

bhaskarvignesh chandra sekaran wrote:
Let me know if you find anything better in the future.


I'm a fan of container-based security. It's one less thing you have to write code for and maintain.


[How To Ask Questions On JavaRanch]
bhaskarvignesh chandra sekaran
Greenhorn

Joined: Jun 27, 2009
Posts: 17

Yes Joe, I agree with you and am also using Glassfish's security features. But there are few cases where you may need to develop applications which are not container dependent.

For e.g,

I hosted a java application on a web server, where am only asked to place the war files and the providers will only deploy the war file. There are few limitations where by you can overcome by creating our own database design with security roles and permissions and make our application Container independant

Thanks
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to implement role based access previleges