struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vic Cekvenich <>
Subject Re: Wanted API to handle user roles
Date Mon, 03 Nov 2003 16:16:28 GMT
You can use J2EE container security to autheticate the user and for some 
high level security.
For low level and complex security, once the user is identified, you can 
extend it.
I use JDBC relms with a self join and row level security.
So a user in a certian level of a tree can see for example all content 
from Texas. But same user can't see all the rows from NYC. And since it 
is stored in a SQL tree... no problem nesting, etc.

It would take too long to exaplin all the design details, but it should 
nudge you in the right direction.

Zsolt Koppany wrote:

> Hi,
> I'm searching for a Java library to implement Role based access in a Web
> application. This API must support some kind of hierarchy. For example a
> user might have all roles in a project (project administrator) but only
> limited (or no) roles in an other project.
> As far as I know, tomcat supports only user based roles, thus a user has a
> role assigned to him everywhere.
> Any suggestion?
> Zsolt

Victor Cekvenich,
Struts Instructor
(215) 321-9146

Advanced Struts Training
<> Server Side Java
training with Rich UI, mentoring, designs, samples and project recovery
in North East.
Simple best practice basic Portal, a Struts CMS, Membership, Forums,
Shopping and Credit processing, <> software, ready
to develop/customize; requires a db to run.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message