Home/ Questions/Q 6385343
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T02:53:14+00:00

I would like to build a simple ORM/database permission system where I have users,

  • 0

I would like to build a simple ORM/database permission system where I have users, groups and rights:

  • Each user can be a member of multiple groups, every group can have multiple users as members.
  • Each relationship between user and group has an additional piece of information: rights.

The idea is that each user can have different rights in each group.

How should my entities look like so I can query things

  • from the “group view” like “retrieve all members of this group”
  • and the “user view” like “retrieve all groups this user is a member in”
  • as well as “given this user and this group, which rights does the user have”?

I’m using Java 6 with JPA2 annotations and EclipseLink.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I think you might want to look at implementations already provided by the application server community. Typically speaking, what you’ve described is a definition of form based authentication.

    http://tomcat.apache.org/tomcat-5.5-doc/config/realm.html

    Basically speaking, the relationship is:

        User
      + Role[]

    Once configured this allows frameworks such as JSF (but you’ll notice I’m accessing the Tomcat session here) to query for a specific role. The code below is taken from a basic form-based authentication scheme I have on a small web-app, and it is in dire need of refactoring, I’ve just had higher priorities

    public boolean isUserInRole(Roles role)
  {
    return FacesContext.getCurrentInstance().getExternalContext().isUserInRole(role.getRoleValue()); 
  }

    In this case Roles is a (poorly named) enum type that is stored in my “Role” Entity:

    @Entity
@Table(name = "role", uniqueConstraints = @UniqueConstraint(columnNames = { "user_user", "role" }))
public class Role implements Serializable
{
    private static final long serialVersionUID = 1L;
    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    private Long id;
    @ManyToOne(targetEntity = User.class, fetch = FetchType.LAZY)
    private User user;
    private String role;

    public Long getId()
    {
        return id;
    }

    public void setId(Long id)
    {
        this.id = id;
    }

    public User getUser()
    {
        return user;
    }

    public void setUser(User user)
    {
        this.user = user;
    }

    public String getRole()
    {
        return role;
    }

    public void setRole(String role)
    {
        this.role = role;
    }
}

    This ends up creating the tables (as I specified the fields) so I can provide an SQL query to the configuration and create a realm. There’s a lot of good documentation on this if you Google “j_security_check”.

    As to a group? A group sounds like a collection of roles to me–so it isn’t a stretch to modify the query to a third table, or simply provide an enum.

    (after reading this, the only clarification is that my roles are stored in an enum which contains the string value of the role, so roles.getValue() returns a string like “administrators”.

    • 0