I am creating an enterprise-level application where there are different types of users: Normal User, Organisation Admin, Super Admin. Every user has different roles.

- Normal user: access functionality of the core application.
- Organisation Admin: create users under its organisation.
- Super User: approve users and organisations.

How should this architecture be designed? Should the roles be designed as separate classes, or should the different types of users be created using inheritance?

Typically roles aren’t modelled as classes, but they are simply strings. When a user authenticates, a number of these strings are associated with the security principal of the user. These roles can be queried in code, e.g. in the web layer via HttpServletRequest#isUserInRole, in the EJB module via SessionContext.isCallerInRole, etc. There are also annotations that declare this dependency on role(s).

If you thus want to leverage the existing security and role structure, there is nothing for you to design other than defining which roles there are and providing a login module that can fetch the collection of roles for the user who has authenticated.

For this last thing, you may have to design something, but not necessarily. If you store your users in a directory service (e.g. LDAP), you can just use an LDAP login module. Most application servers or servlet containers (like JBoss AS, Glassfish, Tomcat, etc.) provide those by default. If your users are in a DB, a simple table with a foreign key to a user in one column and the role name in another column would do. You can then use a DB login module that uses a simple query to fetch the roles.
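
How the role strings described in the answer above can be checked in an EJB, both through annotations and through SessionContext, as an added example that is not part of the original answer. The role names, AccountService and UserRepository are hypothetical, and the Java EE javax.* namespace is assumed.

```java
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.inject.Inject;

// Hypothetical persistence interface, not part of any framework.
interface UserRepository {
    String organisationOf(String userName);
    void addPendingUser(String userName, String organisationId);
    void markApproved(String userName);
}

// Role names are assumptions; they must equal the strings the login module loads.
@Stateless
@DeclareRoles({"USER", "ORG_ADMIN", "SUPER_ADMIN"})
public class AccountService {

    @Resource
    private SessionContext ctx;

    @Inject
    private UserRepository users;

    // Declarative check: the container rejects callers that lack the role.
    @RolesAllowed("ORG_ADMIN")
    public void createUser(String userName, String organisationId) {
        // The role says what the caller may do, not whose data it covers,
        // so the organisation is compared with the caller's own record.
        String caller = ctx.getCallerPrincipal().getName();
        if (organisationId == null || !organisationId.equals(users.organisationOf(caller))) {
            throw new EJBAccessException("caller is not an admin of the requested organisation");
        }
        users.addPendingUser(userName, organisationId);
    }

    @RolesAllowed("SUPER_ADMIN")
    public void approveUser(String userName) {
        users.markApproved(userName);
    }

    // Programmatic check, e.g. so the web layer can decide whether to show the approval screen.
    public boolean callerCanApprove() {
        return ctx.isCallerInRole("SUPER_ADMIN");
    }
}
```

The organisation comparison in createUser is the part that role strings alone do not cover: ORG_ADMIN is the same string for every organisation, so the tenant boundary has to be enforced against stored data.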