Restrict user accessing Multiple pages in Web Application Using Java
In our Java-based web application we have the concept of roles and users. We have many links in our page, and these links can be accessed based on the role assigned to the user. The roles and user-related information are stored in the DB.
During user login time we query the DB, get the related roles, and display the links assigned to those roles. The user can see the links he has access to.
This way is working well. Every time a user logs in, the program checks the role level in the database. This is a burden on the database. Please suggest ways to prevent accessing multiple links in a web application.
2 options:
1) Put the user roles in the session when the user is authenticated the first time, and access the session every time the user tries to access functionality.
2) Use a Map<String, List<Role>> cache, and access the map instead of the database for authenticating the user. The key of the map can be the username. When a user logs in, add the user to the map. When the user logs out or the session expires, remove the user from the map. Spring Security uses Ehcache for caching the same.
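    import java.util.List;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpSession;

    // Load the roles once at login and keep them in the session.
    public void doLogin(HttpServletRequest request) {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        User user = service.authenticate(username, password);
        HttpSession session = request.getSession();
        session.setAttribute("roles", user.getRoles());
    }

    // Check the roles stored in the session instead of querying the database.
    @SuppressWarnings("unchecked")
    public void save(HttpServletRequest request) {
        List<Role> roles = (List<Role>) request.getSession().getAttribute("roles");
        if (roles == null) {
            return; // no roles in the session: nothing is allowed
        }
        for (Role role : roles) {
            // Compare strings with equals(); == compares object references.
            if ("save".equals(role.getName())) {
                service.save();
                break;
            }
        }
    }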
A trivial example added. For the cache, it'll be similar, except instead of the session use the map.
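Option 2 from the answer above, sketched as an added example (not code from the original answer): a username-keyed role cache that denies by default and is evicted on logout, session expiry, and role changes. `RoleCache`, `roleLoader` and the sample data are hypothetical names, and roles are assumed to be plain strings.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;

// Hypothetical class: in-memory role cache keyed by username.
public class RoleCache {
    private final Map<String, Set<String>> rolesByUser = new ConcurrentHashMap<>();
    private final Function<String, Set<String>> roleLoader; // stands in for the DB query

    public RoleCache(Function<String, Set<String>> roleLoader) {
        this.roleLoader = roleLoader;
    }

    // Call once after successful authentication: the only DB hit per login.
    // Set.copyOf stores an immutable snapshot, so callers cannot alter it later.
    public void onLogin(String username) {
        rolesByUser.put(username, Set.copyOf(roleLoader.apply(username)));
    }

    // Call on logout, from a session-expiry listener, and whenever an admin
    // changes the user's roles, so a revoked role does not stay usable.
    public void evict(String username) {
        rolesByUser.remove(username);
    }

    // Deny by default: a user with no cache entry has no roles.
    public boolean hasRole(String username, String role) {
        return rolesByUser.getOrDefault(username, Set.of()).contains(role);
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for the roles table.
        Map<String, Set<String>> db = new ConcurrentHashMap<>();
        db.put("alice", Set.of("save", "view"));
        RoleCache cache = new RoleCache(u -> db.getOrDefault(u, Set.of()));

        cache.onLogin("alice");
        System.out.println("alice save: " + cache.hasRole("alice", "save"));
        System.out.println("bob save (never logged in): " + cache.hasRole("bob", "save"));

        // An admin revokes "save" in the DB; the cached snapshot does not follow.
        db.put("alice", Set.of("view"));
        System.out.println("alice save, stale cache: " + cache.hasRole("alice", "save"));

        // Evict and reload so the revocation takes effect.
        cache.evict("alice");
        cache.onLogin("alice");
        System.out.println("alice save, after reload: " + cache.hasRole("alice", "save"));
    }
}
```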