role based access

G

gk

i have a database. this database has a table. this table has columns
{userid,role}

example :

userid role
====== ====
issac admin
burk support
chelly operator

// so on








i have few JSP pages.

report.jsp
update.jsp
insert.jsp
support.jsp
login.jsp


intially, a user will get login.jsp where he has to put the user id
and password.


if the user has role "admin" , then he can access all the above JSP
pages.


if the user has role "support" , then he can access only the
support.jsp, no other page he can access.


if the user has role "operator" , then he can access only the
update.jsp,insert.jsp no other page he can access.



Question :

As you see, this is a role based access.

How do i code this role based access ?
 
G

gk

should i modify the above JSP pages and write at the top the following
code,

say, for insert.jsp should i modify this way ?

insert.jsp
===========

if(userid.equals("admin") || userid.equals("operator") )
{

// JSP code

}






please suggest me the correct procedure to solve this problem.i dont
know how this can be done . this is a guess.



thank you
 
R

Roedy Green

userid role
====== ====
issac admin
burk support
chelly operator
Click to expand...

At least in Tomcat, each userid can have more than one role record.


Tomcat offers five different interfaces to databases of passwords.
JDBCRealm lets you interface to a SQL users and userroles
tables. You configure the name of your table containing the user ids
and passwords (among other things) and your roles table which
describes which roles a user can play. You assign Tomcat a
userid/password and jDBC connect string to give it with read-only
access to your database to perform the authentications. It is much
simpler than it first looks.
 
G

gk

Hi,
thank you for the reply.

i dont want to be restricted within Tomcat only , i may wish to deploy
into some other server too.
At least in Tomcat, each userid can have more than one role record.
Click to expand...

may be. but my role is like that what i mentioned . that is my design.
Tomcat offers five different interfaces to databases of passwords.
JDBCRealm lets you interface to a SQL users and userroles
tables. You configure the name of your table containing the user ids
and passwords (among other things) and your roles table which
describes which roles a user can play. You assign Tomcat a
userid/password and jDBC connect string to give it with read-only
access to your database to perform the authentications. It is much
simpler than it first looks.
Click to expand...

very much confused with this response. did you mean to use
"security-constraint" in the web.xml. i googled and found some pages
where people are demanding this can be done via web.xml and form based
authentication.

but none of them have become successful. they have messed up somehwhere
at last.


did your comment pointing to that ?


will you please show a small sample code to do this ? how you are
going to do this ? i am not clear .

please explain.

thank you


N.B : is there any example exists about what you are saying. i cant
understand your solution.
 
G

gk

anybody please respond








Hi,
thank you for the reply.

i dont want to be restricted within Tomcat only , i may wish to deploy
into some other server too.


may be. but my role is like that what i mentioned . that is my design.


very much confused with this response. did you mean to use
"security-constraint" in the web.xml. i googled and found some pages
where people are demanding this can be done via web.xml and form based
authentication.

but none of them have become successful. they have messed up somehwhere
at last.


did your comment pointing to that ?


will you please show a small sample code to do this ? how you are
going to do this ? i am not clear .

please explain.

thank you


N.B : is there any example exists about what you are saying. i cant
understand your solution.
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Big collection with userid or small collections 6
Need role based access on a DAO 4
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
Role-based authentication from active directory 2
Java Application 1
Login form no longer working 2
Wildcards in role-name 3
RBAC-role based access control packages? 0

Members online

Total: 21 (members: 1, guests: 20)
Robots: 426

Forum statistics

Threads
473,769
Messages
2,569,577
Members
45,054
Latest member
LucyCarper

Latest Threads

Top