Question

I'm working on a Java Swing application that up until now was single user/role. Now I have a requirement that users should be separated into roles with different permissions. Each panel in the application will have certain permission requirements that will dictate its behavior (i.e. it needs permission P1 for visualization and P2 for editing).

After some research I'll stick to Apache Shiro for my security/UAC framework.

My question is this: Where should I store the required permissions for each panel? My first thought was to have them in the Java class itself, but this seems kind of "hack-y". Another option was to have them stored in the database and link the class with its required permissions. But this creates problems: every time a new panel is added/removed, permissions will have to be updated in the database.

If you have any pointers to how this could be done/was already done, I would be very grateful.


Solution

I think the safest thing is to store the permissions in the database (or any other centralized server). The advantage is that if the permissions change, you have only one central place to change.

If any security configuration is in the application, then after a change you would have to make sure that no user is secretly using an old version...
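One way to wire the central-store approach with Shiro, as an added example that is not code from the question or the answer: a realm loads each user's granted permissions from the central store, and a panel only names the permissions it checks. The names `CentralRealm`, `CENTRAL_STORE`, `orders:view` and `orders:edit` are assumptions, and the in-memory map stands in for the database.

```java
import java.util.*;
import javax.swing.*;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.*;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.*;

public class PanelPermissionsDemo {
    // Constructed stand-in for the central store (user -> granted permissions).
    static final Map<String, Set<String>> CENTRAL_STORE = Map.of(
        "alice", Set.of("orders:view", "orders:edit"),
        "bob", Set.of("orders:view"));

    // Hypothetical realm: every grant is read from the central store, none from the client.
    static class CentralRealm extends AuthorizingRealm {
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            String user = (String) token.getPrincipal();
            if (!CENTRAL_STORE.containsKey(user)) return null; // unknown account
            // Demo only: echoes the presented credentials, so any password matches.
            // A real realm returns the stored password hash here instead.
            return new SimpleAuthenticationInfo(user, token.getCredentials(), getName());
        }
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            info.addStringPermissions(CENTRAL_STORE.get((String) principals.getPrimaryPrincipal()));
            return info;
        }
    }

    // The panel names the permissions it needs; who holds them is decided centrally.
    static JPanel buildPanel(String viewPerm, String editPerm) {
        Subject subject = SecurityUtils.getSubject();
        JPanel panel = new JPanel();
        JTextField field = new JTextField("order #1", 20);
        panel.add(field);
        panel.setVisible(subject.isPermitted(viewPerm));   // P1: visualization
        field.setEditable(subject.isPermitted(editPerm));  // P2: editing
        return panel;
    }

    public static void main(String[] args) {
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(new CentralRealm()));
        SecurityUtils.getSubject().login(new UsernamePasswordToken("bob", "constructed-password"));
        JPanel p = buildPanel("orders:view", "orders:edit");
        JTextField f = (JTextField) p.getComponent(0);
        System.out.println("visible=" + p.isVisible() + " editable=" + f.isEditable());
    }
}
```

Adding or removing a panel changes no rows in the store unless it introduces a new permission name; changing who may view or edit is a data change only.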

Licensed under: CC-BY-SA with attribution