How to implement role-based access control Java/MySql?

Question

I am planing to start a web-based project that involves user registrations just like forums/CMS, but my barrier is that I have not idea how to implement the so-called role-based access control.

I googled for "role-based access control" and I found in the results books about: Design Patters.

Is this related to what I need? Is there a tutorial about implementing this idea? Is the implementation on database-side or language programming-side?

Any reference? Any title?

Answer 1

Design your tables such that user can have one or multiple role based on your system

Define your access to pages for group

admin.allowed = .*
user.allowed=/home/.*,/profile/.*

in some properties file

Create a Web Filter that reads the user from session and determines the role and sees if the page it is being requested is allowed if not it redirects to some other page

---

See Also

• Writing an authorization filter for my web app(JSF 2.0)