14.6 Using Roles

The security boundaries are very clearly defined when you're restricting users to viewing their own data. Each user sees their own stuff, and that's it. Sometimes, though, you need a more flexible way of expressing who has access to what. One way of addressing this security issue is to use roles, such as Administrator, Developer, User, Guest, and so on. By assigning roles to users of your application and permitting access to different parts according to these roles, you can easily control who gets to see what.

Adding Roles in the Webmail Application

Let's define two roles for the webmail application: Administrator and User. Administrators have access to everything, and users have access only to their own data.
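
The access rule just stated, written as a deny-by-default check. This is an added example, not code from the webmail application: RoleCheckExample, Account, canAccess and the sample accounts are hypothetical names, and it assumes Java 16 or later for records.

```java
import java.util.Set;

// Added illustration with hypothetical names; not the webmail application's classes.
public class RoleCheckExample {

    enum Role { ADMINISTRATOR, USER }

    // Minimal stand-in for an application user: a username plus its assigned roles.
    record Account(String username, Set<Role> roles) { }

    /**
     * Administrators may access everything; users may access only their own data.
     * Every other case is denied, including a missing user or an account
     * that has no role assigned at all.
     */
    static boolean canAccess(Account requester, String dataOwner) {
        if (requester == null || requester.roles() == null || dataOwner == null) {
            return false; // unauthenticated or malformed request
        }
        if (requester.roles().contains(Role.ADMINISTRATOR)) {
            return true;
        }
        // A plain user must hold the USER role and own the data.
        return requester.roles().contains(Role.USER)
                && dataOwner.equals(requester.username());
    }

    public static void main(String[] args) {
        // Constructed sample accounts.
        Account admin = new Account("admin", Set.of(Role.ADMINISTRATOR));
        Account alice = new Account("alice", Set.of(Role.USER));
        Account unassigned = new Account("bob", Set.of());

        System.out.println("admin reads alice's mail: " + canAccess(admin, "alice"));
        System.out.println("alice reads her own mail: " + canAccess(alice, "alice"));
        System.out.println("alice reads bob's mail:   " + canAccess(alice, "bob"));
        System.out.println("bob (no role) reads own:  " + canAccess(unassigned, "bob"));
        System.out.println("anonymous reads alice's:  " + canAccess(null, "alice"));
    }
}
```

The account without any role is refused even for its own data, so a user whose role assignment was never made or was removed does not fall through to an implicit allow.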

To use roles, we'll add a simple Role class in the model with a name property:

package stripesbook.model;

import javax.persistence.Entity;

@Entity
public class Role extends ModelBase {
    private String name;

    public Role() {
    }

    public Role(String name) {
        this.name = name;
    }

    /* getters and setters, equals, hashCode */

    @Override
    public String toString() {
        return name;
    }
}

We'll initialize the list of roles when the application starts up. Stripersist provides the StripersistInit interface for such tasks; just implement the interface, place the code in the init() method, and you're good to go:

package stripesbook.ext.init;

public class DataInit implements StripersistInit {
    private RoleDao roleDao = new RoleDaoImpl();