aspose file tools*
The moose likes Other Application Frameworks and the fly likes Roles and Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Other Application Frameworks
Bookmark "Roles and Authentication" Watch "Roles and Authentication" New topic
Author

Roles and Authentication

Vinod Kumar
Ranch Hand

Joined: Jan 18, 2002
Posts: 75
Hi,

I have a web application where Security admin will define a role, assign it to a userId , assign the list of functions (create,edit etc) to the userId. Also userId can be made read/write access so that throughout the application he will have only read-only.

Here comes my problem, I have these role to functions and role to user and role to access information in a database.

What is the best way to implement the authorization ? i.e, hide or disable some buttons/menu links based on the database values. Or is there a better way to implement this requirement as my company requires to assign functions to a user dynamically without a program change.

Regards,
Vincent Robert
Vinod Kumar
Ranch Hand

Joined: Jan 18, 2002
Posts: 75
This is a J2EE Struts based application. No EJBs.
Edward Durai
Ranch Hand

Joined: Oct 09, 2004
Posts: 223
Hello Vincent,

You need two templates and tables
1. Role page
2. User Page

You can create role and assign the role for particular user. It may be multiple user can have a same role.

Role privileges is simply tree view. you can add all the modules in role privileges. you can check/uncheck fields.

Checked fields should be displayed. No need to check for hiding. because during assigning the Role privilege, you can create menu. So we avoid to check to hide other fields.

Hope it is helpful to you

Thanks


Thank You<br />Edward
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Roles and Authentication
 
Similar Threads
EJB object level security
Multiple Id Generation possibilities
Security and EJB
How to configure authentication without authorisation
Use JAAS for access control.