• Post Reply Bookmark Topic Watch Topic
  • New Topic

Role based access to resource

 
Ratan Pawar
Ranch Hand
Posts: 33
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i have implemented a web application using Servlet and jsp.
i followed MVC pattern.
now i want to implement admin module for this.
in which admin create user and and user group.
and i want to give privilege to the user as group wise.
i giving some particular number to the user depend upon this number i gave access to module of application.
So give me some more guidelines to implement this admin module.
is any special for this authentication.
i read about JAAS but its for frameworks.
i only uses servlet and jsp.
as dividing web helper and web handler classes.
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
First off, JAAS isn't just for frameworks. It can be used wherever you need authorization and authentication capabilities. Having said that, for web applications it's overkill most of the time, and I'd say it definitely is in the case you describe.

The servlet API provides a mechanism to implement a username/password/role scheme; you can find some more information in the ServletsFaq.

You'll also need to set up a repository for your user information; the specifics depend on the server. (E.g., for Tomcat, see here. Depending on how often your user information changes and to how much trouble you want to go, you could use a MemoryRealm or a JDBCRealm/DataSourceRealm).
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!