sessions in RBAC

T Mishra
Ranch Hand

Joined: Apr 04, 2006
Posts: 108

Hi,

I am trying to implement user access control based on the RBAC model. I referred to the following links:

http://www.mind-it.info/2010/01/09/nist-rbac-data-model/
http://www.cs.purdue.edu/homes/ninghui/readings/AccessControl/ANSI+INCITS+359-2004.pdf

I haven't understood this part clearly: the use of Session with User and Roles. Is there any use case where a session can be used to activate the roles?

Is it correct to understand that the session is stored in the database for validation, so that if any user has fiddled with the session it can be validated? How frequently should this validation be implemented on the server side? I understand that using an ORM tool like Hibernate can store the value in the persistence layer, but wouldn't this additional validation hit performance?

RBAC has been an established model for over a decade. Are most of the security frameworks today based on RBAC?

Thanks for your time


Thanks,
Tushar (SCJP 1.5)
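
An added example, not part of the original post or of the linked documents: a Java sketch of how a session activates a subset of a user's assigned roles in the core RBAC model of ANSI INCITS 359-2004, with access decided from the active roles only. The method names mirror the standard's CreateSession, AddActiveRole, DropActiveRole and CheckAccess functions; the class name, the in-memory maps (standing in for the database the post mentions) and the sample users, roles and permissions are assumptions.

```java
import java.util.*;

// Added illustration of core RBAC sessions (ANSI INCITS 359-2004).
// All users, roles and permissions below are constructed sample data.
public class RbacSessionDemo {
    // UA: user -> assigned roles. PA: role -> permissions ("operation:object").
    static final Map<String, Set<String>> UA = Map.of(
        "alice", Set.of("teller", "auditor"));
    static final Map<String, Set<String>> PA = Map.of(
        "teller", Set.of("post:transaction"),
        "auditor", Set.of("read:ledger"));

    // Server-side session state: the owning user and the roles active right now.
    static final class Session {
        final String user;
        final Set<String> activeRoles = new HashSet<>();
        Session(String user) { this.user = user; }
    }

    static Session createSession(String user, Set<String> initialRoles) {
        Session s = new Session(user);
        for (String r : initialRoles) addActiveRole(s, r);
        return s;
    }

    // A role can be activated only if it is assigned to the session's user.
    static void addActiveRole(Session s, String role) {
        if (!UA.getOrDefault(s.user, Set.of()).contains(role))
            throw new SecurityException(role + " is not assigned to " + s.user);
        s.activeRoles.add(role);
    }

    static void dropActiveRole(Session s, String role) { s.activeRoles.remove(role); }

    // Access is decided from the active roles, not from every assigned role.
    static boolean checkAccess(Session s, String op, String obj) {
        String perm = op + ":" + obj;
        return s.activeRoles.stream()
            .anyMatch(r -> PA.getOrDefault(r, Set.of()).contains(perm));
    }

    public static void main(String[] args) {
        Session s = createSession("alice", Set.of("teller"));
        System.out.println(checkAccess(s, "post", "transaction")); // teller is active
        System.out.println(checkAccess(s, "read", "ledger"));      // auditor assigned, not active
        addActiveRole(s, "auditor");                               // activate a second role
        System.out.println(checkAccess(s, "read", "ledger"));
        dropActiveRole(s, "teller");                               // deactivate teller
        System.out.println(checkAccess(s, "post", "transaction"));
        try { addActiveRole(s, "admin"); }                         // never assigned to alice
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```

Because the active-role set is kept on the server and every activation is checked against the user's assignments, a role name supplied by the client cannot widen the session beyond what the user was assigned.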
T Mishra
Ranch Hand

Joined: Apr 04, 2006
Posts: 108

May be helpful to somebody else interested in RBAC
 
 