
What's the best way to implement login and user rights?

Status
Not open for further replies.

SuperMoonster

Programmer
Aug 11, 2005
59
BR
Hello everyone,

I created this topic to hear some of your opinions. I'm developing a web application and I must now implement user login and user rights. Users may or may not have the right to Delete, Insert, Update, or Print. So I'm thinking about controlling this by just not showing them the option (jstl will have to help me a little here).

But I was wondering the best way to do these 2 things... and I thought of some:

For the login:
1. I was told that I could implement it using a filter in tomcat, is it right? Can I do it even if I have my own cypher method?
2. I could only write a class and have a login method. But how would I make sure that the user was logged in, in every jsp?

For the rights (which will be stored in a table):
1. I could have a method that checks the table for the rights every time a page opens... and then, gives me the result. And then I would show or not show the option.
2. I could implement aspects, though I'm not sure they could be well used.

Well, these are just ideas. I'd like your opinions now, please, doesn't matter if they are different from mine.

Thanks.
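An added example (not code from the original post) showing the filter approach from login item 1 and answering item 2: one servlet Filter mapped over every JSP checks the session, so no individual page has to repeat the check, and the login page is free to verify credentials with whatever hash or cipher the application uses. The attribute name `user`, the init-param `loginPage` and the class name are assumptions.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Runs before every request matched by its url-pattern and sends anyone
 * without a logged-in session to the login page. The login page (or servlet)
 * is responsible for checking credentials with whatever hash or cipher the
 * application uses and then storing the user in the session.
 */
public class LoginFilter implements Filter {
    /** Session attribute the login code sets on success (assumed name). */
    public static final String USER_ATTR = "user";
    private String loginPage;

    public void init(FilterConfig config) throws ServletException {
        // Hypothetical init-param so the login page is not hard-coded.
        loginPage = config.getInitParameter("loginPage");
        if (loginPage == null) {
            loginPage = "/login.jsp";
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false) avoids creating a session just to find it empty.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(USER_ATTR) != null;

        // The login page itself must pass, or nobody could ever log in.
        if (loggedIn || loginPage.equals(request.getServletPath())) {
            chain.doFilter(req, res);
            return;
        }
        // Not logged in: stop the chain here so the protected JSP never runs.
        response.setHeader("Cache-Control", "no-store");
        response.sendRedirect(request.getContextPath() + loginPage);
    }

    public void destroy() {
    }
}

/* web.xml registration (Servlet 2.4 style), so every JSP is covered without
   touching the JSPs themselves:

   <filter>
     <filter-name>LoginFilter</filter-name>
     <filter-class>LoginFilter</filter-class>
     <init-param>
       <param-name>loginPage</param-name>
       <param-value>/login.jsp</param-value>
     </init-param>
   </filter>
   <filter-mapping>
     <filter-name>LoginFilter</filter-name>
     <url-pattern>/*</url-pattern>
   </filter-mapping>
*/
```

Two points to keep in mind when wiring this in: the `/*` mapping also covers static files such as stylesheets, so either map the filter to the protected directory only or let those paths through explicitly; and when the login code succeeds it should invalidate the old session and obtain a fresh one before storing the user attribute, so that a session id handed out before login cannot be reused afterwards.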
 
This seems to be specific to jsp, so this might not be the best place to ask. Being a unix/linux geek, I'd do something a little bit like a unix passwd file, where comments are prefixed with a "#" and the name, password and rights "pairs" are stored as colon delimited strings. The password is stored as a SHA hash. You have a basic CRUD it sounds like, so I'd just assign each a "bit" (probably in CRUD order):
Create
Read
Update
Delete

So, 4 bits would generate a number from 0 to 15, but having a read bit doesn't make much sense (especially if delete and update and create are allowed but not read -- then how do you know what you're updating/deleting/creating). So, we take out the read bit (and make it equal to the logical oring (not xoring) of the other bits) and we get:

0 = 000 - no access
1 = 001 - read and delete
2 = 010 - read and update
3 = 011 - read, update and delete
4 = 100 - read and create
5 = 101 - read, create and delete
6 = 110 - read, create and update
7 = 111 - read, create, update and delete

Anything that a user doesn't have access to should be "greyed out" or just not shown... It's frustrating as a user to see an option, try to use it only to get a message "you don't have permission." So, it is best not to let them know that the feature even exists.

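An added example, not the reply's own code, that implements the scheme above: a parser for the colon-delimited passwd-style file (`name:sha1hex:rights`, `#` for comment lines, field order assumed), the 3-bit Create/Update/Delete mask with Read implied by any set bit, and the per-user booleans a JSP would use to show or hide each option. The class and method names and the sample users are constructed here. The file stores a plain SHA-1 hash as the reply describes; note that an unsalted, fast hash can be brute-forced or matched against precomputed tables once the file leaks, so a practitioner storing real passwords would use a salted, deliberately slow password hash instead, with the rest of the code unchanged.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;

/** Loads a passwd-style rights file and answers login and CRUD questions. */
public class RightsFile {
    // Three bits in Create/Update/Delete order; Read is implied by any set bit.
    public static final int DELETE = 1; // 001
    public static final int UPDATE = 2; // 010
    public static final int CREATE = 4; // 100

    // A negative mask (failed login) carries no rights at all.
    public static boolean canRead(int r)   { return r > 0; }
    public static boolean canDelete(int r) { return r > 0 && (r & DELETE) != 0; }
    public static boolean canUpdate(int r) { return r > 0 && (r & UPDATE) != 0; }
    public static boolean canCreate(int r) { return r > 0 && (r & CREATE) != 0; }

    private static final class Entry {
        final String hash;
        final int rights;
        Entry(String hash, int rights) { this.hash = hash; this.rights = rights; }
    }

    private final Map<String, Entry> users = new HashMap<String, Entry>();

    /** Parses "name:sha1hex:rights" lines; blank lines and '#' comments are skipped. */
    public RightsFile(String contents) throws IOException {
        BufferedReader in = new BufferedReader(new StringReader(contents));
        String line;
        while ((line = in.readLine()) != null) {
            line = line.trim();
            if (line.length() == 0 || line.startsWith("#")) continue;
            String[] f = line.split(":");
            if (f.length != 3) throw new IOException("malformed line: " + line);
            int rights = Integer.parseInt(f[2]);
            if (rights < 0 || rights > 7) throw new IOException("rights must be 0-7: " + line);
            users.put(f[0], new Entry(f[1], rights));
        }
    }

    /** Returns the rights mask (0-7) on success, or -1 for a bad name or password. */
    public int login(String name, String password) {
        Entry e = users.get(name);
        // Hash even for unknown names so a miss and a wrong password cost the same.
        String given = sha1Hex(password);
        if (e == null) return -1;
        if (!MessageDigest.isEqual(given.getBytes(), e.hash.getBytes())) return -1;
        return e.rights;
    }

    /** Hex SHA-1 of the password, matching what the file stores. */
    static String sha1Hex(String s) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-1").digest(s.getBytes("UTF-8"));
            StringBuilder sb = new StringBuilder();
            for (byte b : d) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException ex) {
            throw new IllegalStateException(ex);
        } catch (UnsupportedEncodingException ex) {
            throw new IllegalStateException(ex);
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample file; hashes are computed here rather than pasted in.
        String file = "# name:sha1(password):rights\n"
                + "alice:" + sha1Hex("alice-pw") + ":7\n"  // read, create, update, delete
                + "bob:" + sha1Hex("bob-pw") + ":2\n"      // read and update
                + "guest:" + sha1Hex("guest-pw") + ":0\n"; // no access
        RightsFile rf = new RightsFile(file);
        String[][] attempts = { {"alice", "alice-pw"}, {"bob", "bob-pw"}, {"bob", "wrong"}, {"guest", "guest-pw"} };
        for (String[] a : attempts) {
            int r = rf.login(a[0], a[1]);
            if (r < 0) {
                System.out.println(a[0] + ": login failed");
                continue;
            }
            // These booleans are what the JSP would use to show or hide each option.
            System.out.println(a[0] + ": rights=" + r + " read=" + canRead(r) + " create=" + canCreate(r)
                    + " update=" + canUpdate(r) + " delete=" + canDelete(r));
        }
    }
}
```

Checking the bits rather than comparing the whole number is what makes the mask useful: `bob` with rights 2 gets the Update option and Read, but neither Create nor Delete, and `guest` with 0 gets nothing, exactly as the table above lays out. The login step returns -1 for an unknown name and for a wrong password alike, so the UI cannot tell a caller which of the two was the problem.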
 