Java Reference
In-Depth Information
14.6
Using Roles
The security boundaries are very clearly defined when you're restricting
users to viewing their own data. Each user sees their own stuff, and
that's it. Sometimes, though, you need a more flexible way of expressing
who has access to what. One way of addressing this security issue is
to use roles, such as Administrator , Developer , User , Guest , and so on. By
assigning roles to users of your application and permitting access to
different parts according to these roles, you can easily control who gets
to see what.
Adding Roles in the Webmail Application
Let's define two roles for the webmail application: Administrator and User .
Administrators have access to everything, and users have access only
to their own data.
To use roles, we'll add a simple Role class in the model with a name
property:
Download email_35/src/stripesbook/model/Role.java
package stripesbook.model;
@Entity
public class Role extends ModelBase {
private String name;
public Role() {
}
public Role(String name) {
this .name = name;
}
/ * getters and setters, equals, hashCode * /
@Override
public String toString() {
return name;
}
}
We'll initialize the list of roles when the application starts up. Stripersist
provides the StripersistInit interface for such tasks; just implement the
interface, place the code in the init ( ) method, and you're good to go:
Download email_35/src/stripesbook/ext/init/DataInit.java
package stripesbook.ext.init;
public class DataInit implements StripersistInit {
private RoleDao roleDao = new RoleDaoImpl();
 
 
 
Previous Page
Next Page
Stripes...and Java Web Development is Fun Again
Search WWH ::




Custom Search
Home