I want to create an application with three kinds of user: administrator, professional and simple user. Everyone will see special pages, so I must use roles. Does someone have a good example or tutorial on how to do this? Thanks a lot.

+1  A: 

I would suggest you go for Spring Security. Have a look at this tutorial.

If you don't want to use it, you should go for a Filter.

Write a filter that will check the USER role manually from the DB and accordingly allow or restrict the access.

org.life.java
And how to display the pages that concern the right authenticated user? For example: the administrator can see the addDocument page but not the simple user?
taichimaro
Please elaborate on it.
org.life.java
Check the user's ROLE on request (or you can even put it in session scope at login time). Now if the requested page is accessible by the logged-in ROLE then display it, or else redirect to some other page.
org.life.java
+1  A: 

First create a datastore with users and roles and the relationships between them. The most straightforward choice would be a SQL database with user, role and user_roles tables.

Then there are basically two ways to achieve this on the JSP/Servlet side.

  1. Homegrow it. Easiest to get started with, but it will end up being less maintainable in the long term. You have to create an HTML/JSP login form, a login servlet to validate, find and log in the user, and a login filter to check if the user is logged in and/or has access to the requested resource.

  2. Make use of Java EE provided container managed security. You just have to create an HTML/JSP login form, and the rest all goes in web.xml and the server's Realm configuration.

To display specific page content/components based on the user role, you can make use of the flow control tags of JSTL: <c:if> and <c:choose>.

BalusC
Hello, can I do this even if I'm using ExtJS for my forms? The thing to do is, for example, display page1, page2 and page3 if it's an administrator and display page2, page4 if it's a professional. Do you see?
taichimaro
ExtJS is a Javascript library. JS runs at the webbrowser where the enduser has full control over the JS code (i.e. he can disable/hack/spoof the JS code). You'd like to do this kind of sensitive stuff entirely on the server side. Use JS for progressive enhancement only, not to take over the server's work.
BalusC
Thanks a lot, but I'm asking if that has any influence? And how to do what I said before (for pages) on the server side?
taichimaro
ExtJS runs at the webbrowser, not at the webserver. Java/JSP/Servlet runs at the webserver. I've already given links on how to do this and I've suggested using JSTL. By the way: one question mark is really enough to denote a question. Multiple question marks would only unnecessarily turn an innocent question into an astonishment which might come across as stupid/rude to others ;)
BalusC
Thanks dude :) Sorry for the misunderstanding ^^
taichimaro
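
The homegrown login filter described in the answers above, as an added example that is not part of the original posts. It assumes the login servlet stores the user's role in a session attribute named `role`, and that pages are grouped under `/admin/`, `/pro/` and `/user/`; these names and `/login.jsp` are illustrative, not from the thread.

```java
import java.io.IOException;
import java.util.Map;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Added example: the server decides per request which role may see which page.
// Assumed names: session attribute "role", the path prefixes, /login.jsp.
@WebFilter("/*")
public class RoleFilter implements Filter {

    // Reachable without a session (the login form and the login servlet).
    private static final Set<String> PUBLIC = Set.of("/login.jsp", "/login");

    // Path prefix -> roles allowed to request anything below it.
    private static final Map<String, Set<String>> RULES = Map.of(
        "/admin/", Set.of("administrator"),
        "/pro/",   Set.of("administrator", "professional"),
        "/user/",  Set.of("administrator", "professional", "user"));

    // Deny by default: a path that matches no rule is refused for every role.
    static boolean isAllowed(String path, String role) {
        if (PUBLIC.contains(path)) return true;
        if (role == null) return false;
        for (Map.Entry<String, Set<String>> rule : RULES.entrySet()) {
            if (path.startsWith(rule.getKey())) return rule.getValue().contains(role);
        }
        return false;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        HttpSession session = req.getSession(false); // never create a session here
        String role = session == null ? null : (String) session.getAttribute("role");
        // Container-decoded path, relative to the context root.
        String info = req.getPathInfo();
        String path = req.getServletPath() + (info == null ? "" : info);

        if (isAllowed(path, role)) {
            chain.doFilter(request, response);                     // authorised
        } else if (role == null) {
            res.sendRedirect(req.getContextPath() + "/login.jsp"); // not logged in
        } else {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);       // wrong role
        }
    }

    @Override public void init(FilterConfig config) {}
    @Override public void destroy() {}
}
```

Hiding a link with `<c:if>` or in ExtJS only changes what is rendered; the filter is what refuses a request typed directly into the address bar.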