tags:

views:

38

answers:

2
Q: 

Data Access control in J2EE technologies

Hi Guys,

I am working on a project that requires that i implement a mechanism for controlling data access to the content that displayed on the pages.

First off to clarify, i am not refering to the ability for different users to log on to a specific page and or view specific pages. That is a different type of access control. I am more interested in the "Data Access" i.e. where multiple users can view the same page but the data that is displayed depend on the data access control privileges they have.

I am intersted to know of the different approaches out there to implementing "data access" control. is there a framework out there for this kind of thing? I am currently using Struts.

Im thinking to do this, i will need to somehow to categorise and store the kinds of data i keep and which configure which users can view/amend it. I want to try and avoid produce something completely from scratch so im wondering how the experts do this and what frameworks technologies assist them in doing it.

Thanks

+1  A: 

You are looking for a authorization solution? Have you already checked JAAS, OSUser and similars? The authentication requirements can vary greatly, i think you need to be more specific, try adding a use case.

Julio Faerman  2010-07-20 12:32:08
+1  A: 

I guess you need Spring Security Framework. With this framework, you assign different roles to different users. For example, we can define two roles: ROLE_USER, ROLE_ADMIN. Then we assign those roles to users. For example, a user A can have only one role, ROLE_USER and a user B can have both of the roles. Now if on a particular JSP, you want to show something to user B only, you can put the code into a pair of authorization tags:

<sec:authorize ifAllGranted="ROLE_USER, ROLE_ADMIN">
     <!-- html, jsp scriplets, jstl tags inside here will be visible to user B only --> 
</sec:authorize>

Similarly if you want to show something to both of them:

<sec:authorize ifAllGranted="ROLE_USER">
     <!-- anything inside here will be visible to both users --> 
</sec:authorize>

Hope it helps.

craftsman  2010-07-20 12:38:48

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java