• Post Reply Bookmark Topic Watch Topic
  • New Topic

Authentication and Authorization of user and displaying the screens based on user role.  RSS feed

 
Pawan Hungund
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,
We (Myself and my few friends) are trying to build a dynamic web application for Housing Society Management. We have just started and working on the design part.
The application will be used by owner/tenant to raise any complaints, or any necessary work done like plumbing, cleaning, electricity etc...
Each department plumbing, cleaning, electricity will have their own respective admin.

So house owner/tenant will have his own screen where he will login and raise some concerns.
When admin will be login , he will be authenticated and authorized to see his stuff. For example, the plumbing admin will see only the complaints related to plumbing that is raised by house owner.

So basically we want the user to be authenticated and authorized based on his roles and he should be able to see the respective screens.
How should we proceed with the authentication and authorization stuff.
Are there any java APIs for this. I googled and found JAAS API.

We are planning to use Spring MVC for mvc architecture, JSP on front end and MyBatis at db level.

Thanks,
Pawan H
 
Stephan van Hulst
Saloon Keeper
Posts: 7992
143
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm a big fan of using third party authentication, over storing passwords locally. In a lot of my hobby projects, I use OAuth to authenticate a user through Facebook or Google or some such.

You can then authenticate using a token, look up a user's rights or roles in your application's database, and issue a forbidden error when a user tries to access a page they don't have the rights to.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!