role based access

Thread view:

gk - 08 Feb 2006 15:37 GMT

i have a database. this database has a table. this table has columns
{userid,role}

example :

userid role
====== ====
issac admin
burk support
chelly operator

// so on

i have few JSP pages.

report.jsp
update.jsp
insert.jsp
support.jsp
login.jsp

intially, a user will get login.jsp where he has to put the user id
and password.

if the user has role "admin" , then he can access all the above JSP
pages.

if the user has role "support" , then he can access only the
support.jsp, no other page he can access.

if the user has role "operator" , then he can access only the
update.jsp,insert.jsp no other page he can access.

Question :

As you see, this is a role based access.

How do i code this role based access ?

Reply to this Message

gk - 08 Feb 2006 15:43 GMT

should i modify the above JSP pages and write at the top the following
code,

say, for insert.jsp should i modify this way ?

insert.jsp
===========

if(userid.equals("admin") || userid.equals("operator") )
{

// JSP code

}

please suggest me the correct procedure to solve this problem.i dont
know how this can be done . this is a guess.

thank you

Reply to this Message

Roedy Green - 08 Feb 2006 16:50 GMT

>userid role
>====== ====
>issac admin
>burk support
>chelly operator

At least in Tomcat, each userid can have more than one role record.

Tomcat offers five different interfaces to databases of passwords.
JDBCRealm lets you interface to a SQL users and userroles
tables. You configure the name of your table containing the user ids
and passwords (among other things) and your roles table which
describes which roles a user can play. You assign Tomcat a
userid/password and jDBC connect string to give it with read-only
access to your database to perform the authentications. It is much
simpler than it first looks.

Signature

Canadian Mind Products, Roedy Green.
http://mindprod.com Java custom programming, consulting and coaching.

Reply to this Message

gk - 08 Feb 2006 17:47 GMT

Hi,
thank you for the reply.

i dont want to be restricted within Tomcat only , i may wish to deploy
into some other server too.

>At least in Tomcat, each userid can have more than one role record.

may be. but my role is like that what i mentioned . that is my design.

>Tomcat offers five different interfaces to databases of passwords.
>JDBCRealm lets you interface to a SQL users and userroles
[quoted text clipped - 4 lines]
>access to your database to perform the authentications. It is much
>simpler than it first looks.

very much confused with this response. did you mean to use
"security-constraint" in the web.xml. i googled and found some pages
where people are demanding this can be done via web.xml and form based
authentication.

but none of them have become successful. they have messed up somehwhere
at last.

did your comment pointing to that ?

will you please show a small sample code to do this ? how you are
going to do this ? i am not clear .

please explain.

thank you

N.B : is there any example exists about what you are saying. i cant
understand your solution.

Reply to this Message

gk - 09 Feb 2006 04:02 GMT

anybody please respond

> Hi,
> thank you for the reply.
[quoted text clipped - 34 lines]
> N.B : is there any example exists about what you are saying. i cant
> understand your solution.

Reply to this Message

Roedy Green - 09 Feb 2006 06:22 GMT

>very much confused with this response. did you mean to use
>"security-constraint" in the web.xml. i googled and found some pages
>where people are demanding this can be done via web.xml and form based
>authentication.

I am new at this and digging into it for a project I am working on
http://mindprod.com/projects/internationaliser.html

I have not run into this "security-constraint" thing yet.

Signature

Canadian Mind Products, Roedy Green.
http://mindprod.com Java custom programming, consulting and coaching.

Reply to this Message

role based access

Free Magazines