File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Security and the fly likes sessions in RBAC Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "sessions in RBAC " Watch "sessions in RBAC " New topic

sessions in RBAC

T Mishra
Ranch Hand

Joined: Apr 04, 2006
Posts: 108


I am trying to implement user access control based on RBAC model. I referred to the following links

I haven't understood this part clearly - use of Session with User and Roles. Any use case where session can be used to activate the roles ?

Is it correct to understand that the session is stored in database for validation so that if any user has fiddled over session it can be validated ?How frequently should this validation be implemented on the server side ? I understand that using ORM tool like Hibernate can store the value in persistence layer but wouldn't this additional validation hit performance ?

RBAC is a established model for over a decade. Are most of the security frameworks today based on RBAC ?

Thanks for your time

Tushar (SCJP 1.5)
T Mishra
Ranch Hand

Joined: Apr 04, 2006
Posts: 108

May be helpdful to somebody else interested in RBAC
I agree. Here's the link:
subject: sessions in RBAC
jQuery in Action, 3rd edition