Access and permission control

Viewed 1,494 times

4

I have a CRUD project to manage faculty and college courses using jsf+primefaces+jpa. My problem is this:

  • There are the users who are the coordinators of the courses and the users who are functionaries. The employees have access to the list of all courses registered in the database, but the coordinators can only view the data of their own course.

    • Example: A normal user opens the CRUD screen and sees a datatable showing all courses. A coordinator sees a datatable showing only the course assigned to them.

How do I restrict this type of access to a user?

  • Basically you can put a manual check on each call that checks the type of user and grants or denies access. In the menus you can hide the items that he should not access. On the screens you check whether the user has access and throw an error if not, in case a smart guy accesses the URL directly. How this is done depends on how your system is implemented. For something more advanced you can try Spring Security, but I’d say it’s not worth the effort if it’s an academic system. There are other questions and answers about Spring Security here, just search.

2 answers

-1

Dude, you would have to make a UserStatic, take the id of the user that is logged in and compare the permission. Do you use a filter or Spring Security? You can create permissions with a boolean too. Ex.:

@Override
public List<Ordens> listarTodos() {
    // Restricted roles only see their own orders. The user id is bound as a
    // query parameter instead of being concatenated into the JPQL string.
    String jpql = "select o from Ordens as o inner join o.usuario as u where u.id = :id";
    PermissaoUsuario permissao = UserStatic.getUsuario().getPermissaoUsuario();

    if (permissao.equals(PermissaoUsuario.USER)
            || permissao.equals(PermissaoUsuario.ENCARREGADO)) {
        return getEntityManager().createQuery(jpql, Ordens.class)
                .setParameter("id", UserStatic.getUsuario().getId())
                .getResultList();
    }

    // Any other permission level gets the unrestricted list.
    return super.listarTodos();
}

-1

There is nothing better than a plain filter. Spring Security is also a filter, but a specific and rigid one.

Example:

// javax.servlet.* shown here; use jakarta.servlet.* on Jakarta EE 9 and later.
import java.io.IOException;

import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Filter that handles login to the system
 */
@WebFilter(
        filterName = "all", urlPatterns = { "/*" }, dispatcherTypes = { DispatcherType.ASYNC, DispatcherType.FORWARD,
                DispatcherType.INCLUDE, DispatcherType.REQUEST, DispatcherType.ERROR })
public class NossoFilterAllRequest implements Filter
{

    /**
     * urlPatterns = { "/*" } makes every request pass through here
     */

    /**
     * Purpose: implement the system login filter
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException
    {
        try
        {
            final HttpServletRequest rq = (HttpServletRequest) request;
            final HttpServletResponse rp = (HttpServletResponse) response;
            final SeuObjetoSessaoLogin objSession = (SeuObjetoSessaoLogin) rq.getSession().getAttribute("login");
            // your logic
            chain.doFilter(request, response);
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }
    }

    @Override
    public void destroy()
    {
        // if you need logic to shut down some service, it runs when the service stops
    }

    @Override
    public void init(FilterConfig config) throws ServletException
    {
        // if you need to initialize some logic, it runs when the service starts
    }
}
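
Added example, not part of either answer or of the asker's project: the rule from the question (employees see every course, a coordinator sees only the assigned one) written as one server-side check that both the datatable listing and a direct lookup by id go through. The names Role, Course, User, visibleCourses and loadCourse and the in-memory course list are assumptions made for illustration; in the real project the same condition would go into the JPA query.

```java
import java.util.List;
import java.util.stream.Collectors;

public class CourseAccessExample {
    enum Role { EMPLOYEE, COORDINATOR }
    record Course(long id, String name) {}
    record User(String name, Role role, Long courseId) {}

    // Constructed sample data standing in for the JPA-backed course table.
    static final List<Course> COURSES = List.of(
            new Course(1, "Computer Science"), new Course(2, "Law"), new Course(3, "Nursing"));

    /** Rows the user may see in the datatable; a missing or unknown role sees nothing. */
    static List<Course> visibleCourses(User user) {
        if (user == null || user.role() == null) return List.of();
        switch (user.role()) {
            case EMPLOYEE:
                return COURSES;
            case COORDINATOR:
                return COURSES.stream()
                        .filter(c -> user.courseId() != null && c.id() == user.courseId())
                        .collect(Collectors.toList());
            default:
                return List.of();
        }
    }

    /** Same rule for a single record, so asking for another course id directly is refused. */
    static Course loadCourse(User user, long courseId) {
        return visibleCourses(user).stream()
                .filter(c -> c.id() == courseId)
                .findFirst()
                .orElseThrow(() -> new SecurityException("access denied to course " + courseId));
    }

    public static void main(String[] args) {
        User employee = new User("ana", Role.EMPLOYEE, null);      // constructed users
        User coordinator = new User("bruno", Role.COORDINATOR, 2L);
        System.out.println(visibleCourses(employee).size());
        System.out.println(visibleCourses(coordinator));
        System.out.println(loadCourse(coordinator, 2));
        try {
            loadCourse(coordinator, 1); // another coordinator's course
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

Hiding menu items or datatable rows in the JSF view only changes what is displayed; the check in loadCourse is what stops a coordinator who edits the id in the URL.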
