
User, Group, Roles for J2ee applications

 
Saritha Penumudi
Ranch Hand
Posts: 148
We have common requirements, like any other web application. We are thinking of using JSP, Struts, and EJB for this application.
We need to hide and show certain menu options depending on the user group, role.
At the same time we need to lock certain data, menu options, modules and applications.

Example:
- When a user is performing some action, we don't want any other user to log into the system. At this time we want to lock the whole application.
- When a user wants to run a certain process, we don't want any user to add/update/delete any records. In this case we want to disable/hide all those options for other users.

There are such scenarios where we want to lock certain data, menu options, etc.

In the current data model for the database, we have tables for menus, users, groups, and roles. I was thinking I would check these tables and get the menu options assigned to the role to which the user is assigned. I'm not sure how Struts would be useful in such a scenario. Any sample application would be appreciated, or any better solution to achieve this.

In EJB, we use ejb-jar.xml to give security roles and method permissions. How will the application server be able to map roles defined in the application tables to the ones used in ejb-jar.xml?

Oracle 10g uses an .xml file or LDAP for mapping. But we have users, groups, and roles configured in the database. I am not sure how to map these to the ones used in ejb-jar.xml.

I am not sure how this is done in WebLogic.

We are currently using Oracle 10g AS but in future might shift to WebLogic.
Is there any common framework which would solve my problem?

How are situations like this handled with an optimal solution?

Early replies would be appreciated.

Thank you in advance.
Saritha
 
Saritha Penumudi
Ranch Hand
Posts: 148
Hi,

I thought I would get a quick response to my question, as my questions are very common and have to be implemented in most of the applications that automate business processes.

But I am sad to see no reply even when there are so many J2EE gurus out there.

I would appreciate it if anyone could help me.
Thank you
Saritha
 
somkiat puisungnoen
Ranch Hand
Posts: 1312
This link will help you:

http://www.weblogic.com/docs45/classdocs/API_ejb.html#acls
 
Alexandru Popescu
Ranch Hand
Posts: 995
Saritha ventrapragada: you are right about the large usage of this architecture.
My 2 cents: there is a big difference between the descriptive security (that defined inside the ejb-jar.xml) and special security such as the one you are talking about (which I expect to be at a higher level than the descriptive, method-level one). You could design your custom security manager that will check the roles against the db and then inside the JSP/Servlet/whatever use this service in order to enable/disable actions.
One of the things you must keep in mind (deep) is the security credentials caching (upon their change and also upon db hits).
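
The custom security service suggested in the last reply, with the credential caching it warns about, sketched as an added example that is not part of the original thread or any poster's code. The class name `MenuAccessService`, its methods, and the sample users, roles and menu names are hypothetical, and an in-memory map stands in for the application's user/group/role tables.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;

/** Hypothetical service: role checks backed by a TTL cache, plus an application-wide lock. */
public class MenuAccessService {
    private record Entry(Set<String> roles, long loadedAt) {}

    private final Function<String, Set<String>> roleLoader; // stands in for the role-table query
    private final Map<String, Set<String>> menuRoles;        // menu option -> roles allowed to use it
    private final long ttlMillis;
    private final Map<String, Entry> cache = new ConcurrentHashMap<>();
    private String lockedBy;                                 // non-null while an exclusive process runs

    public MenuAccessService(Function<String, Set<String>> roleLoader,
                             Map<String, Set<String>> menuRoles, long ttlMillis) {
        this.roleLoader = roleLoader;
        this.menuRoles = menuRoles;
        this.ttlMillis = ttlMillis;
    }

    private Set<String> rolesOf(String user) {
        long now = System.currentTimeMillis();
        Entry e = cache.get(user);
        if (e == null || now - e.loadedAt() > ttlMillis) {   // miss or stale: one db hit, then cached
            e = new Entry(Set.copyOf(roleLoader.apply(user)), now);
            cache.put(user, e);
        }
        return e.roles();
    }

    /** Call whenever a user's roles change so a revoked role stops working immediately. */
    public void invalidate(String user) { cache.remove(user); }

    /** Returns false if another user already holds the application lock. */
    public synchronized boolean lock(String user) {
        if (lockedBy != null && !lockedBy.equals(user)) return false;
        lockedBy = user;
        return true;
    }

    public synchronized void unlock(String user) { if (user.equals(lockedBy)) lockedBy = null; }

    /** Deny by default: unknown menu options, unknown users and locked-out users get false. */
    public synchronized boolean canUse(String user, String menu) {
        if (lockedBy != null && !lockedBy.equals(user)) return false;
        return !Collections.disjoint(menuRoles.getOrDefault(menu, Set.of()), rolesOf(user));
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for the user/role and menu/role tables.
        Map<String, Set<String>> db = new HashMap<>(Map.of("alice", Set.of("admin"), "bob", Set.of("clerk")));
        MenuAccessService svc = new MenuAccessService(u -> db.getOrDefault(u, Set.of()),
                Map.of("deleteRecord", Set.of("admin"), "viewRecord", Set.of("admin", "clerk")), 60_000);
        System.out.println("bob deleteRecord: " + svc.canUse("bob", "deleteRecord"));
        svc.lock("alice");
        System.out.println("bob viewRecord while locked: " + svc.canUse("bob", "viewRecord"));
    }
}
```

Hiding a menu option in the JSP is presentation only; the same `canUse` check belongs in the Struts action or EJB method that performs the operation, so a request sent directly to the server is refused as well.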
 