design a flexible application security

Bernie Gu

Joined: Aug 26, 2003
Posts: 5
I am designing a project with Swing GUI, hibernate persistence, MySql database.
But I don't have a clear blueprint of the security system. If you can give me some opinions, an example, or an open source software's URL, I will appreciate it very much.
In my opinion, the security management system should have several entities: User, Role, Function (Read, Update, Delete functions of a GUI window), Resource (some special entities, like a person's Card).
The corresponding tables will include:
User(id, name,....);
User_Role(userId, RoleId);
Role(id, description, ....);
Role_Function(roleId, functionId);
Function(id, windowsName, readUpdateDelete, resource)
Resource(id, resources (vector of Integer, which is used to mark the entities' identity))
The relationship is:
User n<----->n Role
Role n<----->n Function
Function 1<----->1 Resource
Ilja Preuss

Joined: Jul 11, 2001
Posts: 14112
What are your requirements? Where are they coming from?

Bernie Gu

Joined: Aug 26, 2003
Posts: 5
I want to set up a flexible security (permission) management system which can be suitable for any CRM or ERP's requirements. Is it possible?
I have studied some open source software, such as sourceforge's compiere, whose architecture is user, role, Access. But I can't find all of its source code and can't work out how it runs.
Maybe SAP or Siebel have their own solutions. Can anyone give me a suggestion? I will appreciate it very much.
Thanks for your time.
Frank Carver

Joined: Jan 07, 1999
Posts: 6920
I want to set up a flexible security (permission) management system which can be suitable for any CRM or ERP's requirements.
First, a warning. Attempting to design any sort of general-purpose solution is almost guaranteed to produce a poor result if you don't already have experience of designing at least one (and ideally more than one) specific solution first. Please, please consider producing a solid, simple, specific security subsystem for some real project first.
If you really need to make some sort of general solution, you need to do a lot of research, and even then you'll likely produce an unwieldy, bloated and fragile solution simply because you don't have enough experience of the domain to weigh up the thousands of tiny choices you will have to make during design and coding.
Start by looking at some theory, for example: , . These are sites I found in just a few minutes of googling, you'll need to find more. You should really look up some academic papers, too.
Then look at some implementations. You'll probably need to browse some CVS repositories if you want to study open source software, so get comfortable with that first. Be critical, consider the strengths and weaknesses of the choices the other developers made, decide whether you agree, justify your decision, keep notes.
Finally, you can start designing and coding. But make sure that you build a test and measurement framework as you go, so when you have to make a choice about how to do something, you can be as informed as possible. Do experiments - try things and measure the results, run load tests and concurrency tests, throw things away if they are not right.
But please, if at all possible, practice on a simpler, more constrained solution domain first; learn what works and what doesn't; get a "feel" for what's important.
Good luck.

Stan James

Joined: Jan 29, 2003
Posts: 8791
I've usually done well enough with your first two levels:
User n<----->n Role
Role n<----->n Function
with "function" defined as "anything one user can do that another cannot". Given a large and complex set of rules, this can get to be an administrative headache!
I'd also try for a single security api that tells me if user x can do function y. With that abstraction, you can change implementations behind the scenes without disrupting the rest of the system.
I agree with Frank that this is a critical area, easy to mess up, done well by others, and some research or a buy-vs-build study is in order. For example, if you are doing a web app, a security filter like Netegrity might be a perfect solution for global authentication and page-level authorization.

Bernie Gu

Joined: Aug 26, 2003
Posts: 5
Thanks for Frank's and Stan's advice.
In fact, I have researched access control for a long time.
Although I have successfully implemented some simple security systems of the kind Stan described (User-->Role-->Function, i.e. whether a specific window or URL is readable or writable), I can't satisfy the new requirement coming from my current project, because those systems only have window access.
I want more types of access, for example data access, form access and workflow access. So I designed a Resource (including a scope object) class to bundle with Function. I hope it can be a reasonable pattern, and I will learn what works and what doesn't in the future.
Frank Carver

Joined: Jan 07, 1999
Posts: 6920
OK. I'm slightly puzzled that nobody seems to have included the idea of a "group" yet. The most flexible access control systems I have seen have included both user-groups and role-groups. Something like:
user or user-group (n : is in : n) user-group
user or user-group (n : has : n) role or role-group
role-group (n : includes : n) role or role-group
If that makes any sense.
For a slightly contrived example, here at the Ranch:
user (Frank Carver) is in user-group (sheriffs)
user-group (sheriffs) is in user-group (bartenders)
user-group (bartenders) is in user-group (known users)
user-group (bartenders) has role (move posts in own forum)
user-group (sheriffs) has role (move posts in any forum)
user-group (known users) has role-group (write posts)
role-group (write posts) includes role (post a message)
role-group (write posts) includes role (edit own post)
So to find out if (Frank Carver) can edit this post, the system needs to traverse the network of relationships until a match is found. eg.
(Frank Carver) -> (sheriffs) -> (bartenders) -> (known users) -> (write posts) -> (edit own post).
For any particular application, a system like this might be too much, though. If you only have a small number of users or roles it might make more sense to just list all the user roles and live with the redundancy and complexity of updates if/when things change.
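Stan's "single security api that tells me if user x can do function y" and Frank's user-group / role-group graph fit together in one small resolver. The code below is an added example written for this edit; it is not code from any poster, from JavaRanch, or from the project Bernie describes. The interface and class names (Authorizer, GroupRoleAuthorizer, isIn / has / includes) are my own choices, the relationship data is the Ranch example from Frank's post above, and the "greenhorn" user is constructed only to show a denied case. It needs Java 9 or later (for Set.of).

```java
import java.util.*;

/**
 * Added example, not from the thread: resolves "can user X do Y" over the
 * user-group / role-group graph Frank sketched.  Edges are
 *   isIn     : user or user-group -> user-group
 *   has      : user or user-group -> role or role-group
 *   includes : role-group         -> role or role-group
 * All names below are assumptions made for this example.
 */
public class GroupRoleAuthorizer implements Authorizer {
    private final Map<String, Set<String>> memberOf = new HashMap<>();
    private final Map<String, Set<String>> hasRole  = new HashMap<>();
    private final Map<String, Set<String>> includes = new HashMap<>();

    private static void edge(Map<String, Set<String>> m, String from, String to) {
        m.computeIfAbsent(from, k -> new LinkedHashSet<>()).add(to);
    }
    public void isIn(String principal, String userGroup)    { edge(memberOf, principal, userGroup); }
    public void has(String principal, String roleOrGroup)   { edge(hasRole, principal, roleOrGroup); }
    public void includes(String roleGroup, String roleOrGroup) { edge(includes, roleGroup, roleOrGroup); }

    /** The user plus every user-group reached through isIn edges. */
    public Set<String> principalsOf(String user) {
        return closure(Set.of(user), memberOf);
    }

    /** Leaf roles the user holds once every role-group has been expanded. */
    public Set<String> rolesOf(String user) {
        Set<String> start = new LinkedHashSet<>();
        for (String p : principalsOf(user)) start.addAll(hasRole.getOrDefault(p, Set.of()));
        Set<String> leaves = new LinkedHashSet<>();
        for (String r : closure(start, includes)) {
            if (!includes.containsKey(r)) leaves.add(r);   // role-group names are not permissions
        }
        return leaves;
    }

    /** Breadth-first reachability with a visited set: a mis-administered cycle
     *  (group A in group B in group A) cannot make the check loop forever. */
    private static Set<String> closure(Set<String> start, Map<String, Set<String>> edges) {
        Set<String> seen = new LinkedHashSet<>();
        Deque<String> work = new ArrayDeque<>(start);
        while (!work.isEmpty()) {
            String n = work.poll();
            if (seen.add(n)) work.addAll(edges.getOrDefault(n, Set.of()));
        }
        return seen;
    }

    /** The one question the rest of the application asks.  Default deny: an
     *  unknown user, an unknown permission or an empty graph all answer false. */
    @Override public boolean isAllowed(String user, String permission) {
        return rolesOf(user).contains(permission);
    }

    public static void main(String[] args) {
        GroupRoleAuthorizer ranch = new GroupRoleAuthorizer();
        // Frank's "slightly contrived" Ranch example, entered as data.
        ranch.isIn("Frank Carver", "sheriffs");
        ranch.isIn("sheriffs", "bartenders");
        ranch.isIn("bartenders", "known users");
        ranch.has("bartenders", "move posts in own forum");
        ranch.has("sheriffs", "move posts in any forum");
        ranch.has("known users", "write posts");
        ranch.includes("write posts", "post a message");
        ranch.includes("write posts", "edit own post");
        // Constructed for this example: a user who is only a known user.
        ranch.isIn("greenhorn", "known users");

        Authorizer auth = ranch;   // callers see only the interface, so the backend can change
        check(auth.isAllowed("Frank Carver", "edit own post"), "sheriff reaches write posts");
        check(auth.isAllowed("Frank Carver", "move posts in any forum"), "direct sheriff role");
        check(!auth.isAllowed("greenhorn", "move posts in own forum"), "not a bartender");
        check(!auth.isAllowed("greenhorn", "write posts"), "role-group name is not a permission");
        check(!auth.isAllowed("nobody", "post a message"), "unknown user is denied");
        System.out.println("Frank Carver holds " + ranch.rolesOf("Frank Carver"));
    }

    private static void check(boolean ok, String what) {
        if (!ok) throw new AssertionError(what);
        System.out.println("ok: " + what);
    }
}

/** Stan's single security API: the only authorization call the GUI or services make. */
interface Authorizer {
    boolean isAllowed(String user, String permission);
}
```

Compile and run with `javac GroupRoleAuthorizer.java && java GroupRoleAuthorizer`. Two caveats a practitioner would want. First, the resolver answers "does this user hold this role"; a role named "edit own post" still needs an ownership check against the actual post at call time, which is exactly the per-entity scope Bernie's Resource table is meant to carry. Second, because the expansion is a graph walk, a permission appears wherever any path reaches it, so the admin-side headache Stan warns about shows up as "why can this user do that?"; keeping the walk in one place (and logging the path it found) is what makes that question answerable.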
Junilu Lacar

Joined: Feb 26, 2001
Posts: 6529

The book "Secure Coding" has good high-level coverage of the many different considerations that you'll have to address.

Stan James

Joined: Jan 29, 2003
Posts: 8791
Bernie, I had Function instead of your Function-Resource just to simplify things. If resource is not always needed, you may run into some complexity around when to use it and when not to. I can cheat and make my "function" arbitrarily detailed, perhaps naming it "function.resource" when I need the resource level of detail, and naming it "function" when I don't. I can even add more "function.resource.action" if it seems necessary. I'm having a lot of trouble making this make sense - did that parse for you?
I made my point about administration headaches because they have hurt us. It gets to be a real burden to ask user admins to manage many levels of things with multiple many-to-many relationships. I'd probably "denormalize" the ideal model to make it easier on the admins.
I liked the suggestion about group - if it applies to you. For my main application, group is a reporting structure and has little to do with privileges, so I left it out. If you have globs of roles that usually come together, group may be a good level to model.
I agree. Here's the link: