• Post Reply Bookmark Topic Watch Topic
  • New Topic

need help whit a Authorization system  RSS feed

 
ayoub belkas
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi
i need to make a Authorization system to see if a user has the right to see a swing component (buttons,tables ...)
i tried jaas but i am this close to be crazy + it seam that its only good for files
thanks any example will be appreciated
 
L Foster
Ranch Hand
Posts: 227
12
Android Angular Framework AngularJS Java Spring
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
@ayoub,
One thing to be cautious about, is that Swing clients, being fat in nature, have a lot of code on the client side. As such, if someone gets the code (freely distributed, for example, or reverse engineered), they can look at whatever components they like. So, this is not going to be terribly strong security, IMHO. Obfuscation could help.

That being said, you can programmatically hide components, or not add them, based on roles. Your user's credentials can be sent to some server, perhaps, and a list of privileges come back. The server would be the important part. It sends back the roles. You have rules for roles, etc.

You could do this much as you would authenticate with some remote HTTPS server.

I hope that helps.
 
ayoub belkas
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
L Foster wrote:@ayoub,
One thing to be cautious about, is that Swing clients, being fat in nature, have a lot of code on the client side. As such, if someone gets the code (freely distributed, for example, or reverse engineered), they can look at whatever components they like. So, this is not going to be terribly strong security, IMHO. Obfuscation could help.

That being said, you can programmatically hide components, or not add them, based on roles. Your user's credentials can be sent to some server, perhaps, and a list of privileges come back. The server would be the important part. It sends back the roles. You have rules for roles, etc.

You could do this much as you would authenticate with some remote HTTPS server.

I hope that helps.

thank you for your respance but i seam to miss-explain my problem i am not looking to make my code hard to crack but just to make somthing like this
a user X can see button A but not B
user Y can see B but not A
user Z can see both
thank you
 
Paul Clapham
Sheriff
Posts: 22185
38
Eclipse IDE Firefox Browser MySQL Database
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You could use the setVisible() method to control whether a button is visible. So preferably your code would go something like this:

1. Find out who the user is.

2. Generate the GUI, making the buttons invisible or visible depending on the user. Or alternatively, add the buttons to the GUI or don't add them depending on the user.

Does that help? Or is there some part of that which is still a problem? Let us know and we can hopefully get it designed.
 
L Foster
Ranch Hand
Posts: 227
12
Android Angular Framework AngularJS Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
@Ayoub, @Paul is right about the mechanisms for making components visible or otherwise.

From the wording you gave, I did assume you wanted to know how to get the actual information of: who is allowed to do what. The words of caution were just extra.

If Paul's answer is what you need, fine. Otherwise, if you need info about how to login a user, please post whatever code you had for JAAS.
 
Don't get me started about those stupid light bulbs.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!