I need to create a web application for a School and I need to have different roles such as:
I need to have a login at the beginning and then after entering the credentials the application needs to redirect to the home page.
The question here is: How should I handle the roles? Should I have a namespace for each role? i.e: students/index.jsp, professors/index.jsp, admin/index.jsp or have a common namespace for all roles? something like home/index.jsp? and then use decorator/composite pattern to have the menus have different options based on the role?
For this question I know that I must store the users and the roles, each one in its own table; this question is more related to handling presentation/navigation/permission roles and how to create the webapp structure, i.e. have a directory under the webapp folder called students, another folder admin, and another one students, and about the point I mentioned above (decorator or composite pattern).
Of course I am not making an app this small but I wanted to simplify the issues I am facing in order to create a big role web based application, and I believe these are the main principles.
Thank you for your time and help.
Role-based access control (RBAC) allows users or groups to have specific permissions to access and manage resources. Typically, implementing RBAC to protect a resource means protecting a web application, a single-page application (SPA), or an API.

Steps to implement role-based access control:
1. Create a mapping of roles to resources such that each job function can access the resources needed to complete its work.
2. Create security groups that represent each role.
3. Assign users to the defined roles by adding them to the relevant role-based groups.

Example roles: Technical, assigned to users who perform technical tasks; Administrative, for users who perform administrative tasks.
You definitely do NOT want to have separate pages ("namespaces") for different roles as that would almost inevitably lead to code duplication.
You should have a page for each function and restrict access based on the roles of the users. (e.g. some menu items are not visible for a Student, but shown for Professors and Admins.)
You absolutely should not try re-inventing the wheel for managing role-based permissions, as there are battle-proven frameworks for that purpose: as others pointed out already, in the Java world, Spring and Spring Security is the way to go.
I think JSP as a technology is getting dated, so you should probably start learning Angular instead.
Since getting a working Spring / Angular project setup is not trivial, I would recommend you use the JHipster application generator, which guides you through the whole process with a wizard (you just have to answer some questions; when asked about the type, select monolithic web application!): it then creates a working project configuration with role-based security in place, following modern recommendations.
If you want to learn about proper role-based access control in a modern web application, looking at the solutions used in a JHipster generated application is, I believe, the best and fastest option: e.g. the org.springframework.security.access.annotation.Secured annotation in the generated project, and the *jhiHasAnyAuthority directive in its Angular templates (<h1 *jhiHasAnyAuthority="'ROLE_ADMIN'">Hello, admin user</h1>), which you could easily adapt to your own use case.
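The following is an added example, not code from the question, the answer, Spring Security or JHipster. It shows in plain Java (JDK 17, no framework) the two things the answer recommends and the RBAC steps above describe: a single set of pages/menu entries shared by all roles, with visibility filtered per user, plus a deny-by-default server-side check that every handler runs regardless of what the menu showed. The roles, permissions, menu entries, user names and the `requirePermission` helper are assumptions made for illustration; Spring's `@Secured` plays the role of `requirePermission` in a real project.

```java
import java.util.*;

/**
 * Added example (not from the original question or answer, and not Spring
 * Security / JHipster code): deny-by-default RBAC in plain Java. All roles,
 * permissions, menu entries and users below are assumed for illustration.
 */
public class RbacDemo {

    // The application's functions. Each has ONE page; roles never get their own copy.
    enum Permission { VIEW_GRADES, EDIT_GRADES, MANAGE_USERS }

    // Role -> permissions mapping: each role gets only what its job needs.
    enum Role {
        STUDENT(EnumSet.of(Permission.VIEW_GRADES)),
        PROFESSOR(EnumSet.of(Permission.VIEW_GRADES, Permission.EDIT_GRADES)),
        ADMIN(EnumSet.allOf(Permission.class));

        final Set<Permission> permissions;
        Role(Set<Permission> p) { permissions = Collections.unmodifiableSet(p); }
    }

    // A logged-in user may hold several roles (e.g. a professor who is also an admin).
    record User(String name, Set<Role> roles) {
        boolean can(Permission p) {
            return roles.stream().anyMatch(r -> r.permissions.contains(p));
        }
    }

    record MenuItem(String label, String url, Permission required) {}

    // One shared menu for every role; it is filtered per user when rendered.
    static final List<MenuItem> MENU = List.of(
        new MenuItem("My grades", "/grades", Permission.VIEW_GRADES),
        new MenuItem("Enter grades", "/grades/edit", Permission.EDIT_GRADES),
        new MenuItem("User administration", "/admin/users", Permission.MANAGE_USERS));

    static List<MenuItem> visibleMenu(User u) {
        return MENU.stream().filter(m -> u.can(m.required())).toList();
    }

    static final class AccessDeniedException extends RuntimeException {
        AccessDeniedException(String msg) { super(msg); }
    }

    // Server-side guard (the job @Secured does in Spring). Hiding a menu item is
    // cosmetic only: a URL can be typed by hand, so every handler must re-check.
    static void requirePermission(User u, Permission p) {
        if (u == null || !u.can(p)) {
            throw new AccessDeniedException((u == null ? "anonymous" : u.name()) + " lacks " + p);
        }
    }

    // Handler for /grades/edit: authorization happens here, not in the menu.
    static String editGradesPage(User u) {
        requirePermission(u, Permission.EDIT_GRADES);
        return "grade editor for " + u.name();
    }

    public static void main(String[] args) {
        User alice = new User("alice", EnumSet.of(Role.STUDENT));
        User bob = new User("bob", EnumSet.of(Role.PROFESSOR));

        for (User u : List.of(alice, bob)) {
            System.out.println(u.name() + " sees "
                + visibleMenu(u).stream().map(MenuItem::label).toList());
        }
        System.out.println(editGradesPage(bob));
        try {
            editGradesPage(alice); // a student requesting /grades/edit directly is refused
        } catch (AccessDeniedException e) {
            System.out.println("denied: " + e.getMessage());
        }
        try {
            editGradesPage(null);  // unauthenticated request: denied by default
        } catch (AccessDeniedException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```

The check is keyed on permissions rather than on role names so that adding a role (say, a teaching assistant who may view but not edit grades) means one new line in the `Role` enum and no change to any handler; that is the same reason to prefer a shared `home/index.jsp` with role-filtered navigation over `students/`, `professors/` and `admin/` directories that each carry their own copy of the logic.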