RBAC (Role based access)

Sirisha Reddy
Ranch Hand
Posts: 75
I am looking for pointers for role-based authentication implementation for a Java JSP/servlet architecture.

Currently there is a role-based schema in an Oracle table and I am implementing security logic in a J2EE application based on the schema, for different users.

Looking for good documentation for access control architecture on server side.

Thanks for the help

Thomas Olausson
Posts: 23
Is there any chance you can migrate this data to LDAP?
If you put users/roles in an LDAP server, such as OpenLDAP, Active Directory, or SecureWay, you can use the LDAP "User registry" in WebSphere Application Server.

With web apps you control login with security entries in web.xml.
According to the j2ee spec:

In a servlet, you can do

In JSPs you can do similar, or use appropriate JSTL/struts tags.

There's a WAS overview here

If you can't migrate to LDAP, you can write a Custom User Registry.
That page has a sample with a file based user reg, but it shows you what interface you need to implement.

In your webpages and servlets, you would still be able to do isUserInRole()..., because this interface goes through the JAAS layer. It's transparent to the programmer.
If you later migrate to LDAP, you don't need to change apps, but rather how users/roles are stored.

A lot of developers (including me!) wrote their own "JAAS layers".
It's meaningless to run an app server and write these layers yourself.

Hope that helps,
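
The declarative and programmatic checks described in the reply above, as an added example that is not part of the original post. The role names `manager` and `clerk`, the `/reports/*` URL pattern and the `ReportServlet` class are assumptions chosen for illustration; the `web.xml` fragment is shown in the leading comment.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/*
 * Declarative part, in WEB-INF/web.xml (hypothetical roles and URL pattern):
 *
 *   <security-constraint>
 *     <web-resource-collection>
 *       <web-resource-name>reports</web-resource-name>
 *       <url-pattern>/reports/*</url-pattern>
 *     </web-resource-collection>
 *     <auth-constraint>
 *       <role-name>manager</role-name>
 *       <role-name>clerk</role-name>
 *     </auth-constraint>
 *     <user-data-constraint>
 *       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
 *     </user-data-constraint>
 *   </security-constraint>
 *   <login-config><auth-method>BASIC</auth-method></login-config>
 *   <security-role><role-name>manager</role-name></security-role>
 *   <security-role><role-name>clerk</role-name></security-role>
 */
public class ReportServlet extends HttpServlet {

    // Both roles may read; the container has already authenticated the
    // caller and checked the auth-constraint before this method runs.
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        resp.setContentType("text/plain");
        resp.getWriter().println("Report for " + req.getUserPrincipal().getName());
        // Programmatic check for a finer-grained decision inside an allowed URL.
        boolean manager = req.isUserInRole("manager");
        resp.getWriter().println("Salary column: " + (manager ? "shown" : "hidden"));
    }

    // Only managers may modify: refuse first, then do the work.
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        if (!req.isUserInRole("manager")) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT); // update would happen here
    }
}
```

The servlet never looks at where the roles are stored, so the same code works whether the container resolves them from LDAP or from a custom registry backed by the existing Oracle tables.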

Charles GAY
Posts: 18
I think you should have a look at jGuard (http://sourceforge.net/projects/jguard).
This security framework enables a JAAS (RBAC principle) integration into a J2EE environment.
The upcoming 0.63 release (scheduled for the end of the week) will enable RBAC management through databases (Oracle, PostgreSQL or MySQL), for the authentication purpose.
The authorisation part through databases will come in the 0.64 release.
The authentication and authorisation parts can also be configured through XML files.

Hope this helps,

Charles Gay (jGuard team).