Database as data source for authorization

For the implementation of authorization, 3 tables are required in the database for the administration of users, roles and rights, which are linked to each other by an n:m relation. You can use the wizard to generate the corresponding entities. Additionally the entities are linked by a mapping. This allows RapidClipse to handle arbitrary names of entities and attributes. If the default mapping is not suitable for your data structure, you can define custom queries for it.

Even if you use authentication via LDAP, you must store users in a database table to link users and roles. Users and roles must be synchronized at runtime.

  • Required data structure in general.

    • User - storage of username, password, and additional user-specific information, if applicable. Labels used in RapidClipse APIs: User, Subject.

  • Roles - storage of roles / groups a user can belong to. In RapidClipse APIs used names: Roles, Usergroups, Userroles.

  • Rights - Storage of the rights that a role can have. States or conditions that must be fulfilled can also be stored here. In RapidClipse APIs used names: Permissions, Resources.

  • Data structure generated by RapidClipse.

    • *Entities

      Entity

      Attributes

      Data type

      Explanation

      User

      username

      String

      Saves the user name as a string.

      password

      byte[]

      Saves the password as a byte array, usually encrypted.

      roles

      Set / List

      List of all roles.

      Role

      name

      String

      Saves the name of the roles as a string.

      resources

      Set / List

      List of all rights.

      childRoles

      Set / List

      List of all roles.

      parentRoles

      Set / List

      List of all roles.

      users

      Set / List

      List of all users.

      Resource

      name

      String

      Saves the name of a permission as a string.

      roles

      Set / List

      List of all roles.

    • *Data Access

      • UserDAO

      • RoleDAO

      • ResourceDAO

  • Database tables (using MySQL as an example) - Database tables generated by the (Hibernate) entity export function.

    Entity

    Data fields

    Data type

    Explanation

    USER

    USERNAME

    varchar(255)

    Saves the user data, including username and password.

    password

    tinyblob

    ROLE

    NAME

    varchar(255)

    Saves all roles.

    RESOURCE

    NAME

    varchar(255)

    Save all rights.

    ROLERESOURCENM

    ROLE

    varchar(255)

    Saves all role-rights combinations. A role can have many rights, a right can occur in many roles.

    RESOURCE

    varchar(255)

    ROLEROLENM

    CHILDROLE

    varchar(255)

    Saves all role-role combinations and thus allows nesting of roles.

    PARENTROLE

    varchar(255)

    USERROLENM

    USER

    varchar(255)

    Saves all user-role combinations. One user can have many roles, one role can be taken by many users.

    ROLE

    varchar(255)

  • Dealing with existing database - If there are already tables in your database for managing users, roles and rights, make sure that for each table there is a corresponding entity with associated DAO in your Project Management under Entities or ata Access. If not, you can import the missing entities and DAOs using the import function Create JPA entities from table. Different table and data field names are no problem due to the mapping performed later.

Define / generate resource table

  1. Entity for permissions already exists - Select your existing entity.
    No *Resource Entity exists yet - Click on New Entity…​ to create a new entity Resource including DAO ResourceDAO.

  2. At Mapping > Resource name select the attribute for storing the user rights.

  3. Click Next >.
    Image not found

Options:

  • Resource name - selection of the attribute for the user rights name.

Notice:

  • Mapping - If you have the entity Resource generated, you can take the default attribute Resource.name.

Result:

  • Project Management > Entities - The entity class Resource.java is generated or an already existing entity is used by selection.

    Entity

    Attribute

    DataType

    Resource

    name

    String

  • Project Management > Data Access - The DAO class ResourceDAO.java is generated. If an already existing entity is selected, no new DAO will be generated.

Define / generate Roles table

  1. Roles table already exists - Select your existing Role entity.

    1. If no Role Entity exists yet - Click on New Entity…​ to create a new entity Role including DAO RoleDAO.

  2. At Mapping > Role name select the attribute for storing the roles.

  3. At Mapping > Resources select the attribute for saving the rights.

  4. At Mapping > Child roles, select the attribute for storing subroles.

  5. Click Next >.
    Image not found

Options:

  • Role name - selection of the attribute for the role name.

  • Resources - selection of the attribute with the list (Set/List) of all rights for a role.

  • Child roles - selection of the attribute with the list (Set/List) of all subroles for a role.

Notice:

  • Mapping - If you have the entity Role generated, you can accept the default attributes.

Result:

  • Project Management > ntities

    • Role - The entity class Role.java is generated or an already existing entity is used by selection.

      Entity

      Attribute

      DataType

      Role

      name

      string

      resources

      Set / List

      childRoles

      Set / List

      parentRoles

      Set / List

    • Resource - The entity class Resource.java is extended by the attribute roles.

      Entity

      Attribute

      DataType

      Resource

      name

      String

      roles

      Set / List

  • Project Management > Data Access - The DAO class RoleDAO.java is generated. If an already existing entity is selected, no new DAO will be generated.

Linking users and roles

  1. Table for the users (User) already existing - Select your already existing User entity.

    1. No User Entity exists yet - Click on New Entity…​ to create a new entity User.

  2. Select the attribute for the user name at Mapping > Subject name.

  3. Click Create Attribute at Mapping > Roles to extend the entity User with an attribute that links the entities User and Roles.

  4. Click Finish.
    Image not found

Options:

  • Subject name - selection of the attribute for the user name. Roles - selection of the attribute with the list (Set/List) of all roles of a user.

Result:

Project Management > Entities * *Role - The entity class Role.java is extended by the attribute users.

+

Entity

Attribute

DataType

Role

name

string

resources

Set / List

childRoles

Set / List

parentRoles

Set / List

users

Set / List

  • User - The entity class User.java is extended by the attribute roles.

    Entity

    Attribute

    DataType

    User

    username

    String

    password

    byte[]

    roles

    Set / List

    • Project Management > Data Access - The DAO class RoleDAO.java is generated. If an already existing entity is selected, no new DAO will be generated. Project Management > Business Objects - The class ExampleAuthorizationProvider.java is generated.

      package com.company.demoproject.ui;
      
      import com.company.demoproject.domain.Resource;
      import com.company.demoproject.domain.Role;
      import com.company.demoproject.domain.User;
      import com.rapidclipse.framework.security.authorization.AuthorizationConfiguration;
      import com.rapidclipse.framework.security.authorization.AuthorizationConfigurationProvider;
      import com.rapidclipse.framework.server.security.authorization.jpa.JPAAuthorizationConfigurationProvider;
      
      
      public class MyAuthorizationConfigurationProvider implements AuthorizationConfigurationProvider
      {
          private static class InitializationOnDemandHolder
          {
              final static MyAuthorizationConfigurationProvider INSTANCE = new MyAuthorizationConfigurationProvider();
          }
      
          public static MyAuthorizationConfigurationProvider getInstance()
          {
              return InitializationOnDemandHolder.INSTANCE;
          }
      
          private JPAAuthorizationConfigurationProvider provider;
      
          private MyAuthorizationConfigurationProvider()
          {
          }
      
          @Override
          public AuthorizationConfiguration provideConfiguration()
          {
              if(this.provider == null)
              {
                  this.provider = new JPAAuthorizationConfigurationProvider(User.class, Role.class, Resource.class);
              }
      
              return this.provider.provideConfiguration();
          }
      }

Create database tables

For the newly generated entities User, Role and Resource corresponding tables have to be created in the database.

Enter default data

It is helpful to enter some default data for the database tables USER, ROLE and RESOURCE.