Access control and permission

3

I have a CRUD project to manage teachers and courses at a college using JSF + PrimeFaces + JPA. My problem is this:

  • There are users who are course coordinators and users who are civil servants. Officials have access to the list of all the courses registered in the database, but coordinators can only view the data of their own course.

    • Example: A normal user opens the CRUD screen and sees a datatable showing all the courses. A coordinator, in contrast, sees a datatable showing only the course assigned to them.

How do I restrict this type of access to a user?

    
asked by anonymous 30.03.2016 / 14:30

2 answers

0

Man, you would have to create a UserStatic, get the id of the user that is logged in and compare the permission. Do you use a filter or Spring Security? You can create the permissions with a boolean as well. Example:

@Override
public List<Ordens> listarTodos() {
    PermissaoUsuario permissao = UserStatic.getUsuario().getPermissaoUsuario();

    // USER and ENCARREGADO only see the orders linked to their own user id
    if (permissao.equals(PermissaoUsuario.USER) || permissao.equals(PermissaoUsuario.ENCARREGADO)) {
        // Bind the id as a named parameter instead of concatenating it into the JPQL string
        String jpql = "select o from Ordens as o inner join o.usuario as u where u.id = :usuarioId";
        return getEntityManager().createQuery(jpql, Ordens.class)
                .setParameter("usuarioId", UserStatic.getUsuario().getId())
                .getResultList();
    }

    // Any other permission gets the unrestricted list
    return super.listarTodos();
}
    
14.04.2016 / 19:23
0

There is nothing better than a plain filter. Spring Security also uses filters, but it is specific and rigid.

Example:

import java.io.IOException;

import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Filter that handles login to the system
 */
@WebFilter(
        filterName = "all", urlPatterns = { "/*" }, dispatcherTypes = { DispatcherType.ASYNC, DispatcherType.FORWARD,
                DispatcherType.INCLUDE, DispatcherType.REQUEST, DispatcherType.ERROR })
public class NossoFilterAllRequest implements Filter
{

    /**
     * urlPatterns = { "/*" } makes every request pass through here
     */

    /**
     * Purpose: implement the system login filter
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException
    {
        try
        {
            final HttpServletRequest rq = (HttpServletRequest) request;
            final HttpServletResponse rp = (HttpServletResponse) response;
            // Login object stored in the session under the "login" attribute
            final SeuObjetoSessaoLogin objSession = (SeuObjetoSessaoLogin) rq.getSession().getAttribute("login");
            // your logic
            chain.doFilter(request, response);
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }
    }

    @Override
    public void destroy()
    {
        // if you need logic to shut down some service, it runs when the service stops
    }

    @Override
    public void init(FilterConfig config) throws ServletException
    {
        // if you need to start some logic, it runs when the service starts
    }
}
    
16.11.2016 / 20:36
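One way to fill in the "your logic" placeholder of the filter in the answer above, as an added example that is not part of the original answers: unauthenticated requests are redirected to the login page, and coordinators are refused pages reserved for officials. The `SessionLogin` interface, its `isOfficial()` method, the `/login.xhtml` page, the `/admin/` prefix and a FacesServlet mapping of `*.xhtml` are all assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Added example. SessionLogin, /login.xhtml and /admin/ are assumptions, not names from the page.
@WebFilter(filterName = "accessControl", urlPatterns = { "/*" })
public class AccessControlFilter implements Filter {

    /** Hypothetical stand-in for the answer's SeuObjetoSessaoLogin. */
    public interface SessionLogin {
        boolean isOfficial();   // true for civil servants, false for course coordinators
    }

    private static final String LOGIN_PAGE = "/login.xhtml";   // assumed login page
    private static final String OFFICIAL_ONLY = "/admin/";     // assumed prefix of official-only pages

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest rq = (HttpServletRequest) request;
        HttpServletResponse rp = (HttpServletResponse) response;
        // Use the container-decoded servlet path, not the raw request URI, for the checks below
        String info = rq.getPathInfo();
        String path = rq.getServletPath() + (info == null ? "" : info);

        // The login page and JSF/PrimeFaces resources must stay reachable without a session
        if (path.equals(LOGIN_PAGE) || path.startsWith("/javax.faces.resource/")) {
            chain.doFilter(request, response);
            return;
        }
        // getSession(false): do not create a session for anonymous requests
        HttpSession session = rq.getSession(false);
        SessionLogin login = session == null ? null : (SessionLogin) session.getAttribute("login");
        if (login == null) {
            rp.sendRedirect(rq.getContextPath() + LOGIN_PAGE);   // not authenticated
            return;
        }
        if (path.startsWith(OFFICIAL_ONLY) && !login.isOfficial()) {
            rp.sendError(HttpServletResponse.SC_FORBIDDEN);      // authenticated but not allowed
            return;
        }
        chain.doFilter(request, response);
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }
}
```

A filter like this only gates whole pages. Showing a coordinator just their own course on a shared screen still has to be enforced in the query, as in the first answer.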