To implement the authorization, you need three tables for managing users, roles, and rights in the database, each of which is connected to the others by an n:m relation. The wizard allows you to generate the appropriate entities. In addition, the entities are connected by mapping. This allows RapidClipse to handle entities and attributes of any name. If the default mapping does not match your data structure, you can define custom queries.
Even if you use the authentication via LDAP, you have to save the users in a database table to connect users and roles with each other. Users and roles must be synchronized at runtime.
Required data structure in general
Users - Save username, password, and any additional user-specific information. The designations used in RapidClipse APIs are User and Subject.
Roles - Save the roles/groups to which a user can belong. The designations used in RapidClipse APIs are Roles, Usergroups, and Userroles.
Rights - Save rights that can have a role. Here, you can also save the states or conditions that must be met. The designations used in RapidClipse APIs are Permissions and Resources.
Data structure generated by RapidClipse
Entities
Entity | Attribute | Data type | Explanation |
User | username | String | Saves the username as a string. |
password | byte[] | Saves the password as a byte array, usually encrypted. | |
roles | Set / List | List of all roles. | |
Role | name | String | Saves the name of the roles as a string. |
resources | Set / List | List of all rights. | |
childRoles | Set / List | List of all roles. | |
parentRoles | Set / List | List of all roles. | |
users | Set / List | List of all users. | |
Resource | name | String | Saves the name of the rights as a string. |
roles | Set / List | List of all roles. |
Data Access
UserDAO
RoleDAO
ResourceDAO
Database tables (using the example of MySQL) - Database tables generated by the (Hibernate) entity export function.
Entity | Data fields | Data type | Explanation |
USER | USERNAME | varchar(255) | Saves user data, including username and password. |
password | tinyblob | ||
ROLE | NAME | varchar(255) | Saves all roles. |
RESOURCE | NAME | varchar(255) | Saves all rights. |
ROLERESOURCENM | ROLE | varchar(255) | Saves all role-right combinations. A role can have many rights, a right can occur in many roles. |
RESOURCE | varchar(255) | ||
ROLEROLENM | CHILDROLE | varchar(255) | Saves any role-role combination, thus allowing the nesting of roles. |
PARENTROLE | varchar(255) | ||
USERROLENM | USER | varchar(255) | Saves all user-role combinations. A user can have many roles, a role can be taken by many users. |
ROLE | varchar(255) |
Dealing with an existing USER table: If you have already developed a table for managing users, roles, and rights in your database, make sure there is an appropriate entity with corresponding DAO in Project Management in Entities or Data Access. If not, you can generate the missing entity and DAOs using the Create JPA entities from table import function. It is not a problem if the field and table names are different because mapping is performed later.
Resource name - Select the attribute to which the resource name is mapped for the user rights.
Mapping - Once you have generated the Resource entity, you can apply the specified Resource.name attribute.
Project Management > Entities - The Resource.java entity class is generated or used by selecting an existing entity.
Entity | Attributes | Data type |
Resource | name | String |
Project Management > Data Access - The ResourceDAO.java DAO class is generated. When selecting existing entities no new DAO is generated.
Role name - Select an attribute for the role names.
Resources - Selection of the attribute with the list (Set / List) of all rights for a role.
Child roles - Selection of the attribute with the list (Set / List) of all sub-roles for a role.
Mapping - If you generate the Role entity, you can apply the specified attributes.
Project Management > Entities
Role - The entity class Role.java is generated or used by selecting an existing entity.
Entity | Attribute | Data type |
Role | name | String |
resources | Set / List | |
childRoles | Set / List | |
parentRoles | Set / List |
Resource - The Resource.java entity class is enhanced with the roles attribute.
Entity | Attribute | Data type |
Resource | name | String |
roles | Set / List |
Project Management > Data Access - It is the DAO class RoleDAO.java generated. When selecting an existing entity, no new DAO is generated.
Subject name - Select the attribute for the user name.
Roles - Select the attribute with the list of all roles for users.
Project Management > Entities
Role - The Role.java entity class is extended with the users attribute.
Entity | Attribute | Data type |
Role | name | String |
resources | Set / List | |
childRoles | Set / List | |
parentRoles | Set / List | |
users | Set / List |
User - The User.java entity class is enhanced by the users attribute.
Entity | Attribute | Data type |
User | username | String |
password | byte[] | |
roles | Set / List |
Project Management > Data Access - The RoleDAO.java DAO class is generated. When selecting an existing entity, no new DAO is generated.
Project Management > Business Objects - The ExampleAuthorizationProvider.java class is generated.
package com.company.example.business; import com.company.example.entities.Resource; import com.company.example.entities.Role; import com.company.example.entities.User; import com.xdev.security.authorization.AuthorizationConfiguration; import com.xdev.security.authorization.AuthorizationConfigurationProvider; import com.xdev.security.authorization.jpa.JPAAuthorizationConfigurationProvider; public class ExampleAuthorizationConfigurationProvider implements AuthorizationConfigurationProvider { private static ExampleAuthorizationConfigurationProvider INSTANCE; public static ExampleAuthorizationConfigurationProvider getInstance() { if (INSTANCE == null) { INSTANCE = new ExampleAuthorizationConfigurationProvider(); } return INSTANCE; } private JPAAuthorizationConfigurationProvider provider; private ExampleAuthorizationConfigurationProvider() { } @Override public AuthorizationConfiguration provideConfiguration() { if (this.provider == null) { this.provider = new JPAAuthorizationConfigurationProvider(User.class, Role.class, Resource.class); } return this.provider.provideConfiguration(); } } |
It is necessary to create appropriate tables in the database that match the newly generated User, Role and Resource entities in the database.
Entity > Database Export (Create tables)
For database tables, it is helpful to enter some default data in the User, Role, and Resource entities.