For low level and complex security, once the user is identified, you can extend it.
I use JDBC relms with a self join and row level security.
So a user in a certian level of a tree can see for example all content from Texas. But same user can't see all the rows from NYC. And since it is stored in a SQL tree... no problem nesting, etc.
It would take too long to exaplin all the design details, but it should nudge you in the right direction.
Zsolt Koppany wrote:
Hi,
I'm searching for a Java library to implement Role based access in a Web application. This API must support some kind of hierarchy. For example a user might have all roles in a project (project administrator) but only limited (or no) roles in an other project.
As far as I know, tomcat supports only user based roles, thus a user has a role assigned to him everywhere.
Any suggestion?
Zsolt
-- Victor Cekvenich, Struts Instructor (215) 321-9146
Advanced Struts Training <http://basebeans.com/do/cmsPg?content=TRAINING> Server Side Java training with Rich UI, mentoring, designs, samples and project recovery in North East. Simple best practice basic Portal, a Struts CMS, Membership, Forums, Shopping and Credit processing, <http://basicportal.com> software, ready to develop/customize; requires a db to run.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
