
Question regarding design of a login module for a system

 
Charles Sexton
Ranch Hand
Posts: 273
I'm trying to develop a login module for a system. I am a bit confused about the most efficient way of implementing a login module that, based on the user, allows for certain levels of authorization.


I thought of doing what I would call process or GUI screen authorization.

The user is applied authorization to certain processes or GUI screens. Each unique process or GUI screen will be given a unique identifier. A user's authorization level will be controlled by applying the unique identifier of the processes and GUI screens allowed to the user account. The unique identifier will be stored in the database which will be associated with each individual user account. It would be ideal to store the allowed unique identifiers in an array as long as the user has a connection to the server. Unique identifiers can only be granted by the appropriate level of authorization which will be contained in a process with a unique identifier and given to the selected users. Each time a user tries to use a process or access a GUI screen with a unique identifier, the server will immediately validate authorization before presenting the user with a GUI screen or allowing a process to be complete.

Any suggestions are greatly appreciated.
 
Vijitha Kumara
Bartender
Posts: 4002
42
Chrome Fedora Hibernate
...It would be ideal to store the allowed unique identifiers in an array as long as the user has a connection to the server. ...


I can think of the options below, among others.

1 - Validate on demand, that is, validate on each such request from the user against the DB
2 - Load these permissions for the particular user at login time and store them in the session
3 - Load these permissions when the user sends such a request for the first time and store them in the session.

You need to see what suits best based on the load/usage, etc.
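
The three options above, sketched in Java as an added example that is not part of the thread; the class and method names, the in-memory map standing in for the database, and the sample identifiers are all assumptions. It also shows what the session-cached options trade away: a revoked identifier stays usable until the cache is invalidated.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

public class PermissionCheckDemo {
    // Stand-in for the database: user -> identifiers of allowed screens/processes.
    static final Map<String, Set<String>> DB = new ConcurrentHashMap<>();
    static int dbReads = 0;

    static Set<String> loadFromDb(String user) {
        dbReads++;
        return Set.copyOf(DB.getOrDefault(user, Set.of())); // unknown user: nothing allowed
    }

    // Option 1: validate against the database on every request.
    static boolean allowedOnDemand(String user, String id) {
        return loadFromDb(user).contains(id);
    }

    // Options 2 and 3: identifiers cached in the server-side session.
    static class Session {
        private final String user;
        private Set<String> cached; // null until loaded
        Session(String user, boolean loadAtLogin) {
            this.user = user;
            if (loadAtLogin) cached = loadFromDb(user); // option 2
        }
        boolean allowed(String id) {
            if (cached == null) cached = loadFromDb(user); // option 3: first request
            return cached.contains(id);
        }
        void invalidate() { cached = null; } // call when grants change
    }

    public static void main(String[] args) {
        DB.put("alice", Set.of("SCREEN_ORDERS", "PROC_REFUND")); // constructed sample data
        Session atLogin = new Session("alice", true);
        Session lazy = new Session("alice", false);
        System.out.println("lazy, first request: " + lazy.allowed("PROC_REFUND"));

        DB.put("alice", Set.of("SCREEN_ORDERS")); // an administrator revokes PROC_REFUND
        System.out.println("on demand after revoke: " + allowedOnDemand("alice", "PROC_REFUND"));
        System.out.println("session cache after revoke: " + atLogin.allowed("PROC_REFUND"));
        atLogin.invalidate();
        System.out.println("session after invalidate: " + atLogin.allowed("PROC_REFUND"));
        System.out.println("database reads: " + dbReads);
    }
}
```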
 
Charles Sexton
Ranch Hand
Posts: 273
Vijitha Kumara wrote:
...It would be ideal to store the allowed unique identifiers in an array as long as the user has a connection to the server. ...


I can think of the options below, among others.

1 - Validate on demand, that is, validate on each such request from the user against the DB
2 - Load these permissions for the particular user at login time and store them in the session
3 - Load these permissions when the user sends such a request for the first time and store them in the session.

You need to see what suits best based on the load/usage, etc.


How would you test the different options considering performance issues?
 
Junilu Lacar
Sheriff
Posts: 11477
180
Android Debian Eclipse IDE IntelliJ IDE Java Linux Mac Spring Ubuntu
  • Likes 1
Instead of reinventing the wheel, I would look at one of a number of security frameworks out there that provide a lot of the plumbing needed. One that comes to mind is Spring Security. Another is Apache Shiro.
 
Charles Sexton
Ranch Hand
Posts: 273
Junilu Lacar wrote: Instead of reinventing the wheel, I would look at one of a number of security frameworks out there that provide a lot of the plumbing needed. One that comes to mind is Spring Security. Another is Apache Shiro.


I didn't know that there were open source libraries for this. I believe in exactly what you said, don't reinvent the wheel. Reinventing the wheel is pointless, but I still need to know what is happening in the background and would actually like to make my own. I might start with the libraries you suggested for learning purposes and then transition into something developed by me.
 
Winston Gutkowski
Bartender
Posts: 10575
66
Eclipse IDE Hibernate Ubuntu
  • Likes 1
Charles Sexton wrote: I didn't know that there were open source libraries for this. I believe in exactly what you said, don't reinvent the wheel. Reinventing the wheel is pointless, but I still need to know what is happening in the background and would actually like to make my own. I might start with the libraries you suggested for learning purposes and then transition into something developed by me.

Another thing to think about then might be a framework that can accept credentials or a certificate from a "universal" login component. In my days, there was only Kerberos and a couple of others, but now you have no end of "social vomit" apps out there that provide this sort of stuff.

Winston
 
Dave Tolls
Ranch Foreman
Posts: 3056
37
Winston Gutkowski wrote:... but now you have no end of "social vomit" apps out there that provide this sort of stuff.

Winston


I like the cut of your jib, sir, and would like to subscribe to your newsletter...
 
Winston Gutkowski
Bartender
Posts: 10575
66
Eclipse IDE Hibernate Ubuntu
Dave Tolls wrote:I like the cut of your jib, sir, and would like to subscribe to your newsletter...

Would that I had one, sir; but your approbation is much appreciated.

What think you to: "The Apple Tree"?

Winston
 