Return-Path: Delivered-To: apmail-jakarta-struts-user-archive@www.apache.org Received: (qmail 77518 invoked from network); 3 Nov 2003 16:17:04 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 3 Nov 2003 16:17:04 -0000 Received: (qmail 34150 invoked by uid 500); 3 Nov 2003 16:16:31 -0000 Delivered-To: apmail-jakarta-struts-user-archive@jakarta.apache.org Received: (qmail 34120 invoked by uid 500); 3 Nov 2003 16:16:31 -0000 Mailing-List: contact struts-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Struts Users Mailing List" Reply-To: "Struts Users Mailing List" Delivered-To: mailing list struts-user@jakarta.apache.org Received: (qmail 34060 invoked from network); 3 Nov 2003 16:16:31 -0000 Received: from unknown (HELO main.gmane.org) (80.91.224.249) by daedalus.apache.org with SMTP; 3 Nov 2003 16:16:31 -0000 Received: from list by main.gmane.org with local (Exim 3.35 #1 (Debian)) id 1AGhNZ-0000SR-00 for ; Mon, 03 Nov 2003 17:16:33 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: struts-user@jakarta.apache.org Received: from sea.gmane.org ([80.91.224.252]) by main.gmane.org with esmtp (Exim 3.35 #1 (Debian)) id 1AGhNY-0000SJ-00 for ; Mon, 03 Nov 2003 17:16:32 +0100 Received: from news by sea.gmane.org with local (Exim 3.35 #1 (Debian)) id 1AGhNX-0006sD-00 for ; Mon, 03 Nov 2003 17:16:31 +0100 From: Vic Cekvenich Subject: Re: Wanted API to handle user roles Date: Mon, 03 Nov 2003 11:16:28 -0500 Lines: 41 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@sea.gmane.org User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) X-Accept-Language: en-us, en In-Reply-To: Sender: news X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N You can use J2EE container security to autheticate the user and for some high level security. For low level and complex security, once the user is identified, you can extend it. I use JDBC relms with a self join and row level security. So a user in a certian level of a tree can see for example all content from Texas. But same user can't see all the rows from NYC. And since it is stored in a SQL tree... no problem nesting, etc. It would take too long to exaplin all the design details, but it should nudge you in the right direction. Zsolt Koppany wrote: > Hi, > > I'm searching for a Java library to implement Role based access in a Web > application. This API must support some kind of hierarchy. For example a > user might have all roles in a project (project administrator) but only > limited (or no) roles in an other project. > > As far as I know, tomcat supports only user based roles, thus a user has a > role assigned to him everywhere. > > Any suggestion? > > Zsolt -- Victor Cekvenich, Struts Instructor (215) 321-9146 Advanced Struts Training Server Side Java training with Rich UI, mentoring, designs, samples and project recovery in North East. Simple best practice basic Portal, a Struts CMS, Membership, Forums, Shopping and Credit processing, software, ready to develop/customize; requires a db to run. --------------------------------------------------------------------- To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org For additional commands, e-mail: struts-user-help@jakarta.apache.org