Re: Wanted API to handle user roles

2003-11-03 Thread Vic Cekvenich 
You can use J2EE container security to autheticate the user and for some 
high level security.
For low level and complex security, once the user is identified, you can 
extend it.
I use JDBC relms with a self join and row level security.
So a user in a certian level of a tree can see for example all content 
from Texas. But same user can't see all the rows from NYC. And since it 
is stored in a SQL tree... no problem nesting, etc.

It would take too long to exaplin all the design details, but it should 
nudge you in the right direction.

Zsolt Koppany wrote:

Hi,

I'm searching for a Java library to implement Role based access in a Web
application. This API must support some kind of hierarchy. For example a
user might have all roles in a project (project administrator) but only
limited (or no) roles in an other project.
As far as I know, tomcat supports only user based roles, thus a user has a
role assigned to him everywhere.
Any suggestion?

Zsolt
--
Victor Cekvenich,
Struts Instructor
(215) 321-9146
Advanced Struts Training
 Server Side Java
training with Rich UI, mentoring, designs, samples and project recovery
in North East.
Simple best practice basic Portal, a Struts CMS, Membership, Forums,
Shopping and Credit processing,  software, ready
to develop/customize; requires a db to run.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Wanted API to handle user roles

2003-11-03 Thread Rajat Pandit 
hello zsolt,
i am currently working on a project with similar required. if  wonder if 
  u have read about ActionMapping. make your own custom mapping (by 
extending ActionMapping) and then define properties in it like getRole, 
setRole. and in the structs-config.xml file itself, mention the role 
allowed in that particular module.

in the user table, add another field called role. and make a level say 
0=> super user, 1=> Content Administrator 2=> Normal User etc. and then 
on the login you could save this in the session object and everytime a 
module is to be executed, you could check the role which has accesses to 
this module and compare it to the role stored in the session and take 
the necessary action.

hope this helps!!!
cheers!
rajat
Zsolt Koppany wrote:

Hi,

I'm searching for a Java library to implement Role based access in a Web
application. This API must support some kind of hierarchy. For example a
user might have all roles in a project (project administrator) but only
limited (or no) roles in an other project.
As far as I know, tomcat supports only user based roles, thus a user has a
role assigned to him everywhere.
Any suggestion?

Zsolt



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--

Rajat Pandit | [EMAIL PROTECTED]
+91 612 3117606
[ Developer and Part Time Human Being]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Wanted API to handle user roles

2003-11-03 Thread David Friedman 
Try this:

http://pow2acl.sourceforge.net/screenshots.html

I just wish there were a day to update (add/remove)
roles during production.  That way, I could switch
an admistrator to a client's ID and fix something
for the client, then switch back.  But, everything
I've seen about roles shows that Tomcat Principals
are ready-only, not mutable.

Regards,
David

-Original Message-
From: news [mailto:[EMAIL PROTECTED] Behalf Of Vic Cekvenich
Sent: Monday, November 03, 2003 11:16 AM
To: [EMAIL PROTECTED]
Subject: Re: Wanted API to handle user roles


You can use J2EE container security to autheticate the user and for some
high level security.
For low level and complex security, once the user is identified, you can
extend it.
I use JDBC relms with a self join and row level security.
So a user in a certian level of a tree can see for example all content
from Texas. But same user can't see all the rows from NYC. And since it
is stored in a SQL tree... no problem nesting, etc.

It would take too long to exaplin all the design details, but it should
nudge you in the right direction.

Zsolt Koppany wrote:

> Hi,
>
> I'm searching for a Java library to implement Role based access in a Web
> application. This API must support some kind of hierarchy. For example a
> user might have all roles in a project (project administrator) but only
> limited (or no) roles in an other project.
>
> As far as I know, tomcat supports only user based roles, thus a user has a
> role assigned to him everywhere.
>
> Any suggestion?
>
> Zsolt

--
Victor Cekvenich,
Struts Instructor
(215) 321-9146

Advanced Struts Training
<http://basebeans.com/do/cmsPg?content=TRAINING> Server Side Java
training with Rich UI, mentoring, designs, samples and project recovery
in North East.
Simple best practice basic Portal, a Struts CMS, Membership, Forums,
Shopping and Credit processing, <http://basicportal.com> software, ready
to develop/customize; requires a db to run.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Wanted API to handle user roles

2003-11-03 Thread Edgar P Dollin 
Write your own and implement with a filter.

Edgar

> -Original Message-
> From: Zsolt Koppany [mailto:[EMAIL PROTECTED] 
> Sent: Monday, November 03, 2003 9:56 AM
> To: Tomcat Users List; Struts Users Mailing List
> Subject: Wanted API to handle user roles
> 
> 
> Hi,
> 
> I'm searching for a Java library to implement Role based 
> access in a Web application. This API must support some kind 
> of hierarchy. For example a user might have all roles in a 
> project (project administrator) but only limited (or no) 
> roles in an other project.
> 
> As far as I know, tomcat supports only user based roles, thus 
> a user has a role assigned to him everywhere.
> 
> Any suggestion?
> 
> Zsolt
> 
> 
> 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]