5

I am planing to start a web-based project that involves user registrations just like forums/CMS, but my barrier is that I have not idea how to implement the so-called role-based access control.

I googled for "role-based access control" and I found in the results books about: Design Patters.

Is this related to what I need? Is there a tutorial about implementing this idea? Is the implementation on database-side or language programming-side?

Any reference? Any title?

malhobayyeb
  • 2,725
  • 11
  • 57
  • 91

1 Answers1

3

Design your tables such that user can have one or multiple role based on your system

Define your access to pages for group

admin.allowed = .*
user.allowed=/home/.*,/profile/.*

in some properties file

Create a Web Filter that reads the user from session and determines the role and sees if the page it is being requested is allowed if not it redirects to some other page

See Also

Community
  • 1
  • 1
jmj
  • 237,923
  • 42
  • 401
  • 438
  • Is this the only available practice? – malhobayyeb Dec 19 '12 at 05:40
  • This is the basic way to do this, There are framework out there which does this internally with providing more features on top of it for example Spring Security – jmj Dec 19 '12 at 05:44
  • Like Jigar Joshi said there are a lot of frameworks which do this for you. But if you don't want to resort to a framework you would have to create a filter like in the answer, or implement the restrictions yourself in the main servlet of your application – steelshark Dec 19 '12 at 16:11