aspose file tools
The moose likes Security and the fly likes sessions in RBAC Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login


Win a copy of Arduino in Action this week in the General Computing forum!

A special promo: Enter your blog post or vote on a blogger to be featured in an upcoming Journal
JavaRanch » Java Forums » Engineering » Security
Reply Bookmark "sessions in RBAC " Watch "sessions in RBAC " New topic
Author

sessions in RBAC

T Mishra
Ranch Hand

Joined: Apr 04, 2006
Posts: 107

I like...
Eclipse IDE Java Ubuntu
posted private message
0
Quote
Hi,

I am trying to implement user access control based on RBAC model. I referred to the following links

http://www.mind-it.info/2010/01/09/nist-rbac-data-model/
http://www.cs.purdue.edu/homes/ninghui/readings/AccessControl/ANSI+INCITS+359-2004.pdf

I haven't understood this part clearly - use of Session with User and Roles. Any use case where session can be used to activate the roles ?

Is it correct to understand that the session is stored in database for validation so that if any user has fiddled over session it can be validated ?How frequently should this validation be implemented on the server side ? I understand that using ORM tool like Hibernate can store the value in persistence layer but wouldn't this additional validation hit performance ?

RBAC is a established model for over a decade. Are most of the security frameworks today based on RBAC ?

Thanks for your time

Thanks,
Tushar (SCJP 1.5)
T Mishra
Ranch Hand

Joined: Apr 04, 2006
Posts: 107

I like...
Eclipse IDE Java Ubuntu
posted private message
0
Quote
May be helpdful to somebody else interested in RBAC
 
I agree. Here's the link: http://ej-technologies/jprofiler - if it wasn't for jprofiler, we would need to run our stuff on 16 servers instead of 3.
 
subject: sessions in RBAC
 
Similar Threads
Security RBAC
Controlling Access to Form fields?
Relative path in Role Based Access Control(RBAC)
login example using jsf
Spring 3 and 2-way ssl