Hi there, I'm currently creating a web-app using J2EE. I'm trying to make it so that different users logging on have different permissions (ex: NoviceUser, IntermediateUser, ProUser). I'm trying to figure out the best way to provide functionality based on the role of the current logged in user. Are security roles the best way to go about doing this? Would it be possible that during account creation, the user specifies whether he/she is a novice/intermediate/pro user, and then the corresponding role gets associated to him/her?
I guess what I'm trying to ask is how to add a newly created user to a security role group programatically. I've seen tutorials online, but they seem to suggest that the admin has to manually map the users to security role groups through an xml file. I'd rather this be done by the app as soon as a user makes his/her account.