This week's giveaway is in the EJB and other Java EE Technologies forum. We're giving away four copies of EJB 3 in Action and have Debu Panda, Reza Rahman, Ryan Cuprak, and Michael Remijan on-line! See this thread for details.
I am developing an application in struts-1.2.9. In that, when an admin login to the application, some links we need to display and when a guest user login to the application some links have to be display in the jsp page. I dont want to hard code in the jsp which links for which role. I want the links permissions will come from databse.
I created two tables
1) userinfo 2)User_role
I think I need to cretae another table with Role_permissions table which contains the records of all the usecases in my application. But I dont know the columns in the third table.
Can anybody tell me the columns in the table?
How to make the display of the links generic based on different roles?
I am not a guy with much experience in designing a system. But i can give you some advices of what i followed in one of the applications i did.
Make the following tables
Create some user and group tables ...
1) User (id,Firstname,lastname,email...)
2) Group (id,groupname,description...)
3) UserGroup (UserID,GroupID)
Create roles and permission tables ...
4) Menu (id,name,link,isActive,isSubMenuOf) here isSubMenuOf is the id of the parent menu, its null for parent menu
5) Role (id,name,description)
6) Permissions (id,menuID,permittedRoleID)
Assign a Role to either an Individual User or a group of Users..
1) get the permittedRoleID for the menu item from Permissions table
2) get the UserID,GroupID and check against the UserGroupRoles table for the matching RoleID
3) If rows returned , then he has the permission to that link, else no
Let me know if you find anything better in the future.
SCJP, SCWCD,preparing for SCDJWS
View my facebook profile
Yes Joe, I agree with you and am also using Glassfish's security features. But there are few cases where you may need to develop applications which are not container dependent.
I hosted a java application on a web server, where am only asked to place the war files and the providers will only deploy the war file. There are few limitations where by you can overcome by creating our own database design with security roles and permissions and make our application Container independant