P
pramodr
Hi group,
I have a design problem described as follows.
I have a simple application which I need to make secure, which
currently is not. I am planning to implement security at the DAO
level. For instance I have a DAO, say AuditScheduleDAO which requires
a role based access. A user with role admin can add/modify/view an
AuditSchedule in the DB (Postgres db) thru the DAO. However the admin
cannot delete it, which could be done only by the superAdmin.
Similarly I have a two more other roles - auditor (add/view only) ,
user (view only)
What could be the best design possible ? I use struts as front end
and tomcat 5.5 server. I am planning to implement JAAS security and
<security-constraint> defined in web.xml to protect the urls whichever
are not accessible, however I cannot use <security-constraint> for
role based access of java objects.
Any suggestions ?
regards
Pramod Ramachandran
I have a design problem described as follows.
I have a simple application which I need to make secure, which
currently is not. I am planning to implement security at the DAO
level. For instance I have a DAO, say AuditScheduleDAO which requires
a role based access. A user with role admin can add/modify/view an
AuditSchedule in the DB (Postgres db) thru the DAO. However the admin
cannot delete it, which could be done only by the superAdmin.
Similarly I have a two more other roles - auditor (add/view only) ,
user (view only)
What could be the best design possible ? I use struts as front end
and tomcat 5.5 server. I am planning to implement JAAS security and
<security-constraint> defined in web.xml to protect the urls whichever
are not accessible, however I cannot use <security-constraint> for
role based access of java objects.
Any suggestions ?
regards
Pramod Ramachandran