问题
I am planing to start a web-based project that involves user registrations just like forums/CMS, but my barrier is that I have not idea how to implement the so-called role-based access control.
I googled for "role-based access control" and I found in the results books about: Design Patters.
Is this related to what I need? Is there a tutorial about implementing this idea? Is the implementation on database-side or language programming-side?
Any reference? Any title?
回答1:
Design your tables such that user can have one or multiple role based on your system
Define your access to pages for group
admin.allowed = .*
user.allowed=/home/.*,/profile/.*
in some properties file
Create a Web Filter that reads the user from session and determines the role and sees if the page it is being requested is allowed if not it redirects to some other page
See Also
- Writing an authorization filter for my web app(JSF 2.0)
来源:https://stackoverflow.com/questions/13946119/how-to-implement-role-based-access-control-java-mysql