The first question you need to answer is – where do you want to keep your access information? i.e. who can access what. some options include a LDAP server, hard coding into the app, or some sort of encrypted file, etc. How you asnwer this will dictate the technology you use.

For example, if you decide to use a LDAP server, then you need to have your app setup a connection to it, prompt the user for a userid and password, logon, and retrieve their security groups. Then when you are setting up the GUI, you can query the retrieved groups to see what the user can see or access.

It’s pretty much always a good idea to relate a user to one or more security groups. From there you can decide to either assign GUI functionality to individual groups, or to decouple a step further and assign function to privilages, and then define group to privilage relationships.

Java comes with JAAS which is a built in security framework. But it can take some time to get your head around and (AFAIK) is not a completely solution, just a starting point.

It also may be that you simply don’t need anything as complex as LDAP and JAAS. If it’s a simple app then perhaps you only need an admin id which only one or two people know the password to, and some shared other ids, in that case you can simply store the data in the app. Although this is the least flexible solution.

Finally you should make sure that the difficultly of accessing the system should match the importance of the information being stored. ie. don’t put bank level security in front of editing the staff’s contact information.