How to implement security with OOP?

 
Greenhorn
Posts: 11
I am planning my first decent-sized Java application. Since I am relatively new to OOP, I have a couple of questions. Many of the features in my application depend on knowing who the user is and their access level to screens and menu options. I need to create a menu system so that a user can only see their menu options. In addition, the user access level will determine how much of the screens they have access to that they will be able to use. For example, two users may be able to use a data entry screen, but only one can actually save changes made.
My question is, how do I set up a user object so that it is floating out there and when I need to know the user's security level, I grab the user object and ask it about its security clearance? I'm not sure that passing the user object all over the application is a very "Object oriented" way to perform this task. How should I set this up? Thank you very much!
 
Trailboss
Posts: 23782
Rather than user level, have you considered "keys"?
Is it possible that one user might have access to option a and not option b, while another user has access to option b and not option a?
If you give the first user the "a" key and the second user the "b" key, all of this works out.
As for OO: Yes, you should have a user object that contains the access authority information. And then have a secure object that knows how to test the authority.

 
Ranch Hand
Posts: 111
Paul,
You seem to be suggesting some kind of idiom or approach for implementing security. Can you or someone else expand on this a bit?
I am pretty new to the language and its uses also, but my first instinct would be to implement a publicly accessible final class that used private members. (Actually, coming from the background that I do, my first instinct would be to store the info in a DB, but short of having one available, this is the next approach.)
 
James X Williams
Greenhorn
Posts: 11
How would I do this? Use a 'key', I mean? I'm not understanding what you are getting at. The answer to your question is yes: one user might have access to option a and not option b, while another user has access to option b and not option a.
Thank you

Originally posted by Paul Wheaton:
Rather than user level, have you considered "keys"?
Is it possible that one user might have access to option a and not option b, while another user has access to option b and not option a?

If you give the first user the "a" key and the second user the "b" key, all of this works out.
As for OO: Yes, you should have a user object that contains the access authority information. And then have a secure object that knows how to test the authority.


 
paul wheaton
Trailboss
Posts: 23782
(how did I miss the April 8th post?)
There are lots of ways to implement this. One way might be that a user has a hashtable full of strings that represent keys. When attempting to get access to something, the user object is passed in. The hashtable does a lookup for the required key - it's there, or it isn't!
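
A sketch of the "keys" approach described in this thread, added here as an illustration and not code from any of the posters. The class names (User, SecuredAction) and the key strings are hypothetical; it assumes Java 10 or later. The secured action tests for its own key on every call, so the menu filter only decides what is shown, not what is permitted.

```java
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

// Added illustration: class names and key strings are hypothetical.
public class KeyDemo {
    /** A user carries an immutable set of keys, granted once at login. */
    static final class User {
        final String name;
        private final Set<String> keys;
        User(String name, Set<String> keys) {
            this.name = name;
            this.keys = Set.copyOf(keys); // unmodifiable copy: callers cannot add keys later
        }
        boolean hasKey(String key) { return keys.contains(key); }
    }

    /** The "secure object": it knows which key it needs and tests for it itself. */
    static final class SecuredAction {
        final String label;
        private final String requiredKey;
        private final Runnable body;
        SecuredAction(String label, String requiredKey, Runnable body) {
            this.label = label;
            this.requiredKey = requiredKey;
            this.body = body;
        }
        boolean isAllowedFor(User u) { return u != null && u.hasKey(requiredKey); }
        // Checked on every call, so hiding a menu item is never the only control.
        void run(User u) {
            if (!isAllowedFor(u)) throw new SecurityException(label + " denied");
            body.run();
        }
    }
    public static void main(String[] args) {
        List<SecuredAction> menu = List.of(
            new SecuredAction("View entry", "entry.view", () -> System.out.println("viewing")),
            new SecuredAction("Save entry", "entry.save", () -> System.out.println("saved")));
        User clerk = new User("clerk", Set.of("entry.view")); // constructed sample users
        User editor = new User("editor", Set.of("entry.view", "entry.save"));
        for (User u : List.of(clerk, editor)) {
            String visible = menu.stream().filter(a -> a.isAllowedFor(u))
                .map(a -> a.label).collect(Collectors.joining(", "));
            System.out.println(u.name + " sees: " + visible);
        }
        menu.get(1).run(editor); // editor holds the "entry.save" key
        try { menu.get(1).run(clerk); } // no key: rejected even if the UI had shown the item
        catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```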
 
Ranch Hand
Posts: 30
James,
I second both Betty and Paul: have the permissions stored in a database and load them statically (only once into memory). Note that in pre-JDK 1.2 days, memory usually meant a Hashtable, but you can also use other Collection classes.
In this case Paul is right in suggesting a Hashtable, since many users may access the application at the same time and all get/set methods are synchronized in a Hashtable.
The permissions can be a custom object which has only get() methods, for example:

    import java.util.BitSet;

    public class JPermission {
        // Implement it using a single object and manipulate it.
        private BitSet permBits = new BitSet();
        // Or many integers which are not -1 to indicate this user has that particular permission.
        private int read = -1;
        private int write = -1;

        public boolean isReadAllowed() {
            // Underlying business logic...
            return read != -1;
        }
    }

So each user is stored in a globally accessible Hashtable, and you do a get(User), which will return a Permission object, and check it.
Cheerio
Amit
 
Ranch Hand
Posts: 18944
How about using a session object instead of a hashtable?
That way if you're searching for a key you can query to see if that certain key is there and if it is not then the user does not have the key for it.
Anyone know if there are advantages of one over another?
Yoo-Jin.
 
Ranch Hand
Posts: 146
Hi All,
How about using a Windows Access Control List to add/check permissions based on the user group? The only disadvantage of this method is that it is tied to WIN NT.
Regards,
Milind
 